Allowing Managers to see the Create On Behalf of
I am wondering if there is a way to expose the on behalf of for managers within the Service Offerings without giving the managers full analyst access while still allowing analysts to also keep Create On Behalf of. At the same time, once I figure out the queues, I do not want the Analysts to have access to submit the SR that managers should only have access to.
The alternative that I had thought of was simply asking for the manager to input the name of the affected user, but I have been unable to figure out how to get the answer mapped to the affected user field in the actual ticket.
Thanks.
Best Answer
Michael_Baldry Customer Advanced IT Monkey ✭✭✭
If you're on V5.0 or higher, you can configure "Create on Behalf Of" for a non-analyst group. They have an article with details here: https://support.cireson.com/KnowledgeBase/View/1275#/.
For the second part (restricting analyst access to manager services), you can create a Catalog Item Group that contains all of the services that you want to restrict access to, and then create a separate User Role (based on a non-analyst role) that has access to specific Catalog Item Groups and Form Templates. You'll have to make sure that your analyst user role doesn't have "All _ can be accessed" selected for Catalog Item Groups & Form Templates.
We have a few different types of services in our environment that sound very similar to your requirements. Here's an example of one of them that shows how the pieces tie together:
Employee Requests (Service Offering) and Application Access (Service Offering)
These Service Offerings contain a few request offerings that only managers and HR have access to, such as adding new employees, removing existing employees, or making changes to application access levels. We set the Service Offering Category on both of these Service Offerings to be equal to "Manager Services". The category is just a simple list, so you can define whatever categories you want in there.
Manager Services (Catalog Item Group)
We created a Catalog Item Group that has no "Included Members", and instead uses "Dynamic Members". We picked the Service Offering class, and added one thing to the criteria: "[Service Offering] Category equals [Manager Services]".
Portal - Manager Services (User Role)
This user role has "Provide access to only the selected _" picked for all of the different types of items (queues, CIs, catalog groups, etc), and only has the following things selected:
1. "Manager Services" Catalog Item Group
2. Form templates that are tied to any of the "Manager Services" request offerings
Custom - Advanced Operator (User Role)
This is our Analyst user role. It has "Provide access to only the selected groups" specified for Catalog Item Groups and Form Templates, and does not have "Manager Services" (or the associated templates) selected.
End Result
When managers go to the portal, they see all of the "Manager Services" request offerings on the Service Catalogue page. Analysts don't see any of these request offerings, and do not see the associated templates when creating new work items. If you don't want the analysts to be able to see the work items after they've been created, you'll need to create separate queues. We don't go that far with our setup, so I don't have any insight to provide there, but I'm sure other people on this board do.
8