Home General Discussion

End-Users with ability to Approve/Reject Change Requests

Hi Guys,

I've been asked to allow "System Owners" the ability to approve Change Requests which are raised against their systems.

I've created a new security group, and have assigned the approve/reject permissions in the portal to this security group, i've also created a new user role with pretty much all access to the queues.

I have NOT added this security group to the Analyst group, as i do not want them to have any access other than approve reject.

Unfortunately when the user goes to the CR, they are greeted only by the loading wheel, and that's it.

Any advice?

Answers

  • Peter_SettlePeter_Settle Customer Advanced IT Monkey ✭✭✭
    Have they got Activity Implementer rights in SCSM or Advanced Operator as they will need permissions set in SCSM as well as an attached Cireson AD group.
  • Peter_SettlePeter_Settle Customer Advanced IT Monkey ✭✭✭

    I do currently have a Cireson_EndUser who Approves Change requests.

    However I add them into the RA and the system sends out the Approval Email and he uses the links within the template in order to Approve or Reject. The workflow then resolves his email address to the User in the RA and changes the vote accordingly.

  • Marcel_DaAnunciacaoMarcel_DaAnunciacao Customer IT Monkey ✭
    Have they got Activity Implementer rights in SCSM or Advanced Operator as they will need permissions set in SCSM as well as an attached Cireson AD group.
    I've given them a custom role in the backend with just approve and reject rights in SCSM. I'll give the Activity Implements role too for testing.

    Peter, the issue with that is, is that they are not able to read the CR! So they would be approving blindly!
  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    edited June 2017
    Sounds like there is an issue with the form, are you using a custom form for CRs?

    We do have the new approval page coming soon in v7.5:
    https://support.cireson.com/KnowledgeBase/View/1394#/ 

    https://support.cireson.com/KnowledgeBase/View/1351#/
  • Marcel_DaAnunciacaoMarcel_DaAnunciacao Customer IT Monkey ✭
    We haven't customised any forms as yet, so it's out of the box CR forms.

    As soon as i added the CM Reviewers group to the Analyst group it's loaded the page.
  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    What version of the portal?

    Any errors in the webconsole logs, and just to confirm you have no changerequest.js in C:\inetpub\ciresonportal\customspace ?
  • Marcel_DaAnunciacaoMarcel_DaAnunciacao Customer IT Monkey ✭
    What version of the portal?

    Any errors in the webconsole logs, and just to confirm you have no changerequest.js in C:\inetpub\ciresonportal\customspace ?
    Current Portal Version: 7.3.2012.1
    Management Pack Version: 7.7.2012.185

    100% confirm there is no changerequest.js in customspace.

    Honestly I think there's a scoping issue with my roles, i'm not 100% sure what the issue is though. I've given them access to all forms, all queues, all items, etc, but only allowed them to approve/reject.

    I'll keep playing aroudn with the roles, but any idea on what the bare minimum would be to allow an "end user" access to view, and vote on a CR?
  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    Which role did you base your custom role on, change managers or advanced operator? 

    Scoping tasks (I believe) has no effect in the portal, its more for hiding tasks from the SCSM console for user. Ill do a test and see if I can get this to load in my lab environment.
  • Marcel_DaAnunciacaoMarcel_DaAnunciacao Customer IT Monkey ✭
    Which role did you base your custom role on, change managers or advanced operator? 

    Scoping tasks (I believe) has no effect in the portal, its more for hiding tasks from the SCSM console for user. Ill do a test and see if I can get this to load in my lab environment.
    Actually i didn't base it off any role. Originally i added the security group to the Change Managers group, and this had no luck either. I then created a new role with additional access but only approve/reject with no luck.

    I'll create a copy off change managers and give them access to all forms/workitems/queues etc.
  • Marcel_DaAnunciacaoMarcel_DaAnunciacao Customer IT Monkey ✭
    So a minor update. Basing off Change Managers does nothing. It still hangs at loading the screen. The only way to fix this, is to add the user/group to the Analyst group. This then allows them to load the CR and approve/reject the CR.

    IDEALLY i'd like to remove this access, but for the time being i'll be adding the CM Reviewers group to the Analyst group until i can get this scoped access working.

    Joe if you have any ideas i'd love to hear them. I've also raised this as an incident, although still waiting to hear back from any one.
  • merlenette_jonesmerlenette_jones Member Advanced IT Monkey ✭✭✭
    Hello @Marcel_DaAnunciacao


    The end user must also have access to the Parent work item as well. Giving an End-user just access to an activity will not work as the end-user also needs access to the Parent RO. If adding the users to the Analyst role resolves the issue then we need to look at the scoping access of the forms. Can you reference my article here - https://community.cireson.com/discussion/321/cireson-portal-tip-configuring-an-end-user-as-a-reviewer-for-the-cireson-portal#latest


    Let me know if this helps
  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    edited June 2017
    So a minor update. Basing off Change Managers does nothing. It still hangs at loading the screen. The only way to fix this, is to add the user/group to the Analyst group. This then allows them to load the CR and approve/reject the CR.

    IDEALLY i'd like to remove this access, but for the time being i'll be adding the CM Reviewers group to the Analyst group until i can get this scoped access working.

    Joe if you have any ideas i'd love to hear them. I've also raised this as an incident, although still waiting to hear back from any one.
    Ive tested successfully as a standard end user thats a member of the change manager role (no queue scopes - access to all queues). Just make sure when you do your testing to restart your cachebuilder AND website for the permission change to take effect.

    If still an issue then maybe easier to troubleshoot in a support ticket with the appropriate log files. 
  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    edited June 2017
    @Marcel_DaAnunciacao I was testing on 7.4 and found this PR for 7.3:
    https://support.cireson.com/Problem/Edit/PR60662/

    It has some linked incidents where users has reported the issue with CRs, so id recommend upgrading to 7.4 (or using the workaround in the PR ticket) and it should hopefully fix the issue you are seeing.
  • Peter_SettlePeter_Settle Customer Advanced IT Monkey ✭✭✭
    Marcel_DaAnunciacao             My email template is very structured and provides all the information that they require in order to make a constructive decision. Therefore the access they have does suit my needs.
Sign In or Register to comment.