How can I restrict access on WI based on support group/SR template?
Hello,
I would like to open the Analyst Portal to HR, but the issue is that all the related SRs are highly confidential and can be accessed only by HR analyst group. Using pages and WI filtering is not an option as searching might display confidential data. Is there any possibility to achieve this?
regards,
Jacky
Answers
@Jacky_Gross - Using Work Item queues and Security Roles in SCSM will prevent users from seeing work items that are not in their queue scope. For example you could have a queue based on SupportGroup equals HR and a Role that is only scoped for that queue and a queue where SupportGroup is not equal to HR and a role that is scoped on that queue.
Exactly what Justin said. Queues are the answer here and it's exactly what we've done as well around HR based requests.
@Justin_Workman thanks for your answer. I do use security roles for Request Offerings and it works correctly. The issue was that for WI there is the Cireson search which I don't know if it takes into account the roles/queues.
The idea is that HR analyst will have full access for HR requests and IT analyst to IT only...
I'll do the testing and come back to you.
Best regards
@Jacky_Gross - Queues will manage the users' access even in the context of the portal search.
@Justin_Workman thanks, but I'm having one issue: the end user role has access to all work items otherwise they cannot access their own WIs.There is no possibility to create a queue where Affected User = [me]. How did you manage that as roles are cumulative ...
Users in a single role with no queue access can still access their own work items. Being the Affected User gives implied permissions to the work item.
@Justin_Workman it seems like being the Affected User doesn't give the implied permissions (read, comments, reactivate) to their own WIs ... As in the End User custom role there is no queue selected, even though they have access to the catalog and forms and can create items, they cannot access their own as an End User.
Any idea what's wrong?
All the other settings with Analysts are fine now.