Why Are Users Unable to Submit Requests From the Request Offerings in the Cireson Self-Service Porta
Hi there,
I setup a user role based on Service Request Analysts that role can create service requests they are based on a template contains review activites via scsm console. If I'm trying to do so in Cireson-Self-Service-Portal I got an error prompt "Unauthorizied Access". This certain user role is linked to two groups, one group belongs to all AD-User-Obejects and the second is related to AD-Group-Objects. The second group is restricted by a criteria. If I disable the criteria it does submit the request offering from Cireson-Portal. If I enable a criteria on the first group it also submits the offering. Why I can restrict the user scope but not the groups?
In this KB the issue is documented which I described above. With the differences that this KB belongs only to end user role and to all user-objects. And I don't understand the workaround, because if I would enable 'Global users instance group’ then I cant restrict the scope of the groups anymore.
Answers
Hi @Steffen_Dobritz,
Would you be able to provide some screenshots of your setup if possible?
What is the restriction added onto the AD Group Objects?
What objects are in these 2 groups?
Thanks,
Shane
hello @Shane_White ,
as I said first group contains objects from class Active-Directory User and the second from class Active-Directory Group. If I delete the criteria for Active Directory Group the user is able to submit the request. And any criteria for the class Active-Directory User has no effects for subbmitting the request.
Hi @Steffen_Dobritz
Okay it sounds like you might be restricting access to groups that have access to those Service Requests which is why when you remove the restriction it works fine because they have access to all groups.
It could be those Request Offering/Service Offerings are bringing through information that is outside the scope of your restriction.
Thanks,
Shane
I dont think so, because the Request Offering works fine, if I run it in the Console or in the Microsoft SSP. It only does not work in Cireson Portal.
Does the RO have Query prompts to add related CI's?
The Cireson portal requires that all users need edit permissions to CI's to be able to submit a RO that adds a relationship to a CI.
Hi @Steffen_Dobritz
Brian has a very good point can you check the RO's for related CI's?
To me it is failing because the restriction is preventing accessing to something in the RO so it does not work as access to one element in the RO is missing.
It might be easier for your End User role to give access to all CI's, it reduces scoping so is more performant, in addition to portal is restricted anyway so End Users have no way of accessing these CI's to change them anyway!
Let me know what you think!
Thanks,
Shane