Home Analyst Portal

User Permissions

Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
Im doing some testing with Action log comments with Change request. When i add a comment with the End user, i get 



WebConsole.log shows:
2016-06-08 12:05:46,744,Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user ADDCAP\Formation does not have sufficient permission to perform the operation.

Im guessing the permissions are User Role in the  SM console but i dont know which one...? Domain user group is part of the End User Role already



Best Answers

Answers

  • merlenette_jonesmerlenette_jones Member Advanced IT Monkey ✭✭✭
    Im doing some testing with Action log comments with Change request. When i add a comment with the End user, i get 



    WebConsole.log shows:
    2016-06-08 12:05:46,744,Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user ADDCAP\Formation does not have sufficient permission to perform the operation.

    Im guessing the permissions are User Role in the  SM console but i dont know which one...? Domain user group is part of the End User Role already



    Hello Joshua,

    Since you are using CR's are your end-users scoped to have access to the queue that contains the CR's

    Merle
  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    Im doing some testing with Action log comments with Change request. When i add a comment with the End user, i get 



    WebConsole.log shows:
    2016-06-08 12:05:46,744,Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user ADDCAP\Formation does not have sufficient permission to perform the operation.

    Im guessing the permissions are User Role in the  SM console but i dont know which one...? Domain user group is part of the End User Role already



    Hello Joshua,

    Since you are using CR's are your end-users scoped to have access to the queue that contains the CR's

    Merle
    Ah..that might be the problem...do you have a link to some steps i could follow. I have done scoping but im not totally confortable with doing proper scoping.
  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    Ah ok...i  will make one...i think that is what is missing...Since I dont have a for Incidents or Service Requests i didnt know i would need one for CR. Does the queue need anything specific in filter besides Active CR?
  • merlenette_jonesmerlenette_jones Member Advanced IT Monkey ✭✭✭
    Ah ok...i  will make one...i think that is what is missing...Since I dont have a for Incidents or Service Requests i didnt know i would need one for CR. Does the queue need anything specific in filter besides Active CR?
    You can set the criteria to whatever you like but "Active CR" would be the easiest to test what you are looking to accomplish then you can tinker more with the filtering once you are more comfortable with the configuration
  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    ok..i have the queue set..now what?
  • merlenette_jonesmerlenette_jones Member Advanced IT Monkey ✭✭✭
    You will need to recycle the cachebuilder service to rebuild user access to that queue
  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    nope...still the same error
  • merlenette_jonesmerlenette_jones Member Advanced IT Monkey ✭✭✭
    So because the end use role is limited in scope I would suggest using an Advanced operator role and scoping that role to the level of access you would like them to have. End Users can use the self-service portal to create incidents, request software installation, view announcements, and search the knowledge base. Whereas Advanced Operators can create or edit any work items that are in their queue scope and any configuration items that are in their group scope. They can also create, edit, and delete the announcements that are displayed on the Service Manager Self-Service portal.
  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    ok.. will try that and get back to you :)
  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    But if i use Advanced Operators, i cant just select the CR queue i made since it is built in?
  • merlenette_jonesmerlenette_jones Member Advanced IT Monkey ✭✭✭
    You'll need to create a custom role based of the Advanced Operator role. The OOB roles don't allow you to edit them
  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    My users dont have SCSM console on there machines but i dont want them to be able to edit fields of a opened ticket in the cireson portal except for adding attachments and adding action log. Do you know if there is a task i can scope them too instead of selecting all in the Adv Op Role?
  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    thanks, will try it out and post my findings.
  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    Seems good and they dont seem to have access to the rest of the form which is what i want! 

    Thank Merl
  • merlenette_jonesmerlenette_jones Member Advanced IT Monkey ✭✭✭
    Good to hear!!! Glad I could help you out. 
  • Candice_YeudallCandice_Yeudall Customer Advanced IT Monkey ✭✭✭

    Question about this...

    Is a custom form being used here? Or are you just using the CR that comes build in? If you are using the built it have you tested with all the other WI to make sure that there are no adverse affects.

  • Joshua_WalkerJoshua_Walker Customer IT Monkey ✭
    Its built in (if your refering toto the portal forms)...nothing else seems to have changed
Sign In or Register to comment.