EvanD Posted October 18, 2017 Share Posted October 18, 2017 Hello, I am trying to add some roles to my account using my technician account, but I keep getting the error "No rights on application com.hornbill.<role>" (see image for example). I refereed to the wiki article (https://wiki.hornbill.com/index.php/What_Service_Manager_Roles_exist%3F) for the necessary roles for a "Service Desk Administrator", and I already have all of them (see image). Do I need the Super User Role to add roles to user accounts? Thanks, Evan Link to comment Share on other sites More sharing options...
EvanD Posted October 18, 2017 Author Share Posted October 18, 2017 Oh, I found the answer is yes. Source https://wiki.hornbill.com/index.php/Roles "Hornbill is designed to only allow the association of roles if the User who is performing the assignment of a particular role already possess the same system/application rights among the roles that they themselves possess. The "Admin" user account (which possesses the Super User Role) is exempt from this rule and has the ability to assign any role to any other user, therefore it is advised that you use this account (or another Super User Account) to allocate roles to the rest of the Users." I would like to submit a feature request that the "Admin Role" (or a new role) also be granted access to add roles that the user performing the assignment does not already possess. Thank you, Evan Link to comment Share on other sites More sharing options...
James Ainsworth Posted October 19, 2017 Share Posted October 19, 2017 Hi @EvanD Thanks for your post. I would have some concern over our security model with this type of change. It would suggest that people with this new role would not only be able to assign roles that they don't have to others, but also assign these roles to themselves. This ability to elevate ones own rights within Hornbill I think is where others might be concerned. I hope I've understood your post correctly. Hopefully others will contribute to this and we can see if there is concern or not. Regards, James Link to comment Share on other sites More sharing options...
Hornbill Staff DR Posted October 19, 2017 Share Posted October 19, 2017 Hi Evan, thanks for your post.  I'm pleased to see that you have found our roles wiki page useful. With the broader Hornbill community in mind, I think this is a great opportunity to re-visit what "Hornbill" is (as a product). If I may use your initial post as a starting point, the error shown is indicating that the user doesn't have rights to the application called "Hornbill Document Manager". As I'm sure you're now aware, your image of the assigned Security roles shows that this user primarily has a range of Hornbill Service Manager related roles and currently there are no Document manager roles associated to this user account. When we talk about "Hornbill" we are not talking about a single stand-alone application. "Hornbill" is a powerful powerful platform capable of running an array of business collaboration applications that help teams create content, share ideas and feedback, and optimize operations to deliver better customer experiences. Hornbill Service Manager is one such application you can install on the Hornbill Platform. This means that you could have a Hornbill instance purely serving your organisations Collaboration and Document Management needs and as such each application, once installed, presents its own set of security roles that must then be associated to those users who need access to that application to carry out their day-to-day duties. More information can be found here: https://wiki.hornbill.com/index.php/Getting_Started Dan Link to comment Share on other sites More sharing options...
EvanD Posted October 19, 2017 Author Share Posted October 19, 2017 Hello James and Dan, Thank you both for your responses. I am addressing this from the broader perspective of an administrator of my companies Hornbill instance. I work for a multinational corporation with large offices in APAC, EMEA, and the Americas - requiring 24/hr full administrative coverage; and as such, we need at least three full administrators managing our whole Hornbill instance. Currently, the only methods to provide this is are by assigning the Super User Role to the administrators (we've been instructed against doing this, and it would grant additional unwanted privileges as our technician role), or sharing the credentials of the Admin account leading to other security concerns. Creating a new role just for this function would greatly increase security for us, and organizations would initially have to use the Admin account to manually grant the role anyways. The idea is that the new role would minimize the constant need for administrators, who should have full control access, to log in as the Admin account when investigating Roles and Features. Thank you, Evan Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now