Global Search Scope
we have an issue with the Global search - In detail the results which are shown. Global search is only activated for analysts - End users have to use the old one.
In our company we have an IT which is based in our headquarter. Every department of this IT has its own security group (based on Advanced Operator), which also has access to all work items, config items and tasks. We just filter the Service/Request Offerings, which are shown with this groups.
We also have ONE Incident Resolver Security group, whose only member is the Cireson Analyst AD group which we defined in the portal.
In some subsidiaries we have Administrators who also need access to certain work items, Hardware Assets and so on - So they can fullfill their work. I created Security Groups (based on Incident Resolver) for every subsidiary and also catalogue groups for Hardware Assets, which are in their location, as well as queues for Incidents, where users from their locations are the affected user.
As every user in our company needs the permission to approve/reject a Review Activity (not all, only the ones assigned to him/her), we had to add the service request class to the scope of our custom End User class, which includes every user from our domain. I did this with the help of this script: https://docs.microsoft.com/en-us/system-center/scsm/sm-perf?view=sc-sm-2022 . So no queue is needed fro Service Requests and users can approv/reject their RAs as soon as the SR is created. I did the same with the user class, software asset class and some other classes (like Standard, Location and so on) where every user needs the permission to see and select them in a request offering - That works really well and we reduce the time which is needed for the group/queue calculation.
Now the problem with global search is, that analysts, who are not member of any of the headquarter IT Security groups, are not able to see any Results when they are searching for Service Requests, Software Assets, Review Activities and Manual Activities, where we set the permission for the global end user group with this script - They see their scoped incidents, all Users(which we added to the scope of the global user security group with the script as well) and their scoped Hardware Assets though. I thought maybe this is because we have it only activated for analysts and so I have to add the SR class to the scope to the Cireson Analyst security group as well, but unfortunately that did not help (also after a cachebuilder restart/Scope rebuild). When we send them a link to the Service Request they can open it without any problems, so the permissions are set correctly. Same goes for Manual Activities and Review Activities - The base Analyst security group whose only member is the Cireson Analyst group has scope access to all RAs and MAs (not via queues but with the script from Microsoft) - Still the search returns no results here.
Did I miss something here? Or are scopes outside of groups/queues, like we did with the script, not supported in Cireson and Global Search? But why is it working when they search for AD users then? Or are the AD Users visible because the global users instance group is selected in the config item groups?