Creating A Read Only User

[alecwa]

Hi,

We have two users who have close working relationships with our customer support team. We need to give them access to the CS Request list but must restrict their account so they don't get carried away and start commenting on requests etc. Basically they just need to be able to view the timeline of some requests that come in, in case they get called about any of them.

is it possible to create a role that is READ ONLY, or something to that effect?

[Dan Munns]

@alecwa If you add the users to a group and set 'Allow Task View' to yes and 'Allow Task Action' to no doesn't that stop them being able to edit calls but still see them? 

Under the administration screen:  Home > System > Organisational Data > Organisation > Customer Support Team you can edit the users individually there rather than creating roles.

[alecwa]

Hey @Dan Munns That's just for tasks though isn't it? I was working on the theory that they could still update requests with comments, possibly assign or change priority etc. even if I set "Allow actioning tasks" to false?

I am very much a noob though.......

[Dan Munns]

@alecwa apologies. I misunderstood your requirement.

To set up a role you need to set at up at Home > System > Organisational Data > Roles and then create new role. Add Hornbill Service Manager under Applications, privilege level will be user.

You can then set application rights (the tab wont show up until you have saved the role). You can set 'View Service Requests' / 'View Incidents' / 'View Requests'  then save it and assign users to it. 

You just need to make sure that the users don't have any roles which will elevate their permissions so you may need to add other permissions to the newly created role (view only on the mailbox for example) 

Our read only users have the following roles. 'Basic User Role', 'Self Service User', 'Collaboration Role' and 'Read Only Requests' (which only has the 'View Requests' permission mentioned above) 

[alecwa]

This is awesome - I hadn't dare try and attempt to create a role!

I have followed your instructions and they now have the below. We'll give it a test and see how it works!

Thanks!

[alecwa]

Hi @Dan Munns We've tested this and unfortunately the guys cannot access any requests. When they do they receive the attached error.

I've also attached 3 views showing what rights the SR Read Only Role has.

[Victor]

@alecwa creating a brand new role is not an easy task... this because is almost impossible to document ... so it will have to be (at least in current functionality) a trial and error exercise... so in your example the error indicates missing rights to a table. So you would need to add those rights to that table... then try again and repeat this until actions are error free...

[Dan Munns]

@alecwa I think if you try adding 'Browse' to all the database rights that should fix it. 

As @Victor said though it can be a bit trial and error to get it working properly (and I have more than once had to come cap in hand to the forums to get an explanation as to why something isn't working as I expected) 

Looking at ours though it does has all the 'Browse' options ticked. 

[alecwa]

Cheers guys - I'll give this another bash and let you know how I get on.

[alecwa]

That seems to have worked! View isn't enough by the looks of it. To get into a request they need browse.

Thanks for your help!

[Victor]

@alecwa good news  ... If I may suggest if you are trying to create custom roles for various purposes, the best idea (in my opinion) would be to start form an existing role. Make a copy of the existing role then work backward... meaning remove specific rights until you achieve what you need. It might be faster than building one from scratch...