Home Analyst Portal

Users can't approve

Brian_WinterBrian_Winter Customer Adept IT Monkey ✭✭

It appears that some people in our organization cannot approve an RA either through an Exchange Connector or via the portal. What security roles do I need to check?

Answers

  • Justin_WorkmanJustin_Workman Cireson Support Super IT Monkey ✭✭✭✭✭

    @Brian_Winter - It's kind of strange that folks can't issue approval even with the Exchange Connector. It was my understanding that that was done with the workflow account. Are you using the MS Exchange Connector or the SMlets one?

  • Brian_WinterBrian_Winter Customer Adept IT Monkey ✭✭

    The SMLets connector. What's even stranger is that most people have no problem. It just seems to be some subset of users.

  • Justin_WorkmanJustin_Workman Cireson Support Super IT Monkey ✭✭✭✭✭

    Oh well...that makes a bit more sense as I expect that connector uses their account (@Adam_Dzyacky can confirm). Although, any assigned Reviewer should have implied rights to their RAs. Have you tried building a queue of RAs and given the problematic users' role explicit access to the RAs?

  • Adam_DzyackyAdam_Dzyacky Product Owner Contributor Monkey ✭✭✭✭✭
    edited March 9

    The connector uses the workflow account to perform the actual commit in SCSM. Since the WF account has to be an administrator the question of permissions never come into play.

    Once the RA is found it checks to see if the email that came in is the same as the Reviewer's primary SMTP notification channel. Assuming they match, the vote is processed. That block of PowerShell can be seen here -


  • Brian_WinterBrian_Winter Customer Adept IT Monkey ✭✭

    Also, somewhat related, if there was a way to make an Approval "on behalf of" the Reviewer. I guess the challenge would be to figure out WHICH Reviewer if there were multiple Reviewers in the RA.


    We have IT Analysts that can Approve on behalf of, but that means engaging IT. Usually, by that time, the user has had numerous failures and is short of patience.

  • Adam_DzyackyAdam_Dzyacky Product Owner Contributor Monkey ✭✭✭✭✭
    edited March 6

    In v1.4 the feature was introduced for a single user to vote on behalf of an AD group. But as far as a user on behalf of another user, no that doesn't exist...although not a bad idea. Just need to figure out how that could be controlled to prevent abuse.

Sign In or Register to comment.