Jump to content

Super user access - alternative permissions for some elements


Smurfy

Recommended Posts

We have a number of people set up as Super users. Now we are moving forward and most of our initial building of the tool is complete we want to take the super user access away and move to a more "day to day" set of roles.

Please can you help me with finding the right permissions for the following as I am struggling a bit - 

  1. Being able to view and amend a PCF or BPM not created by the person needing to amend (so for example if I created a BPM I would like others, not everyone so need to find the best suited role, to be able to amend in my absence) I thought Business process Manager and Progressive capture Manager would give that ability but it seems on our tests that I can only see the ones you "own" I've looked through settings too and have drawn a blank.
  2. Being able to reassign an activity/task linked to a ticket where the person doing the reassign is not in the team its currently assigned to
    (So our scenario here is our change team may need to move a change ticket and its activity from Networks to Servers - they can assign the ticket but not the activity/task)
  3. This one is being looked at already by hornbill (wondered if it has been done yet) - being able to view the entity viewer (hopefully putting it with the reporting admin role as I feel it would fit well there?)
Link to comment
Share on other sites

@Smurfy The criteria for reassigning Tasks are detailed in the Re-Assignment Rules section of the wiki page.

Sharing Progressive Captures can be achieved, again, see the wiki page under Sharing and Visibility. The same "Access Granted To" options are available on Business Processes.
I don't have these settings active on my Instance, so please come back with any further questions or issues.

Link to comment
Share on other sites

@Smurfy

Have you changed this setting to enable access controls to the PCF / BPM?  I've come across it a lot of the years, intending to turn it on but I don't have a need to do so... yet... so, I've kept this noted until the time comes to turn it on.

Here is a screenshot showing this setting from the Wiki Page that Steve linked:
image.png.0bea3377d21231335bdf8d5abf1636ce.png

Link to comment
Share on other sites

Thanks @samwoo

I have turned that on. So I'm guessing I need to create a role that those who I want to see, and able to update,  all PCFs and BPMs and then apply access granted to "<new role>" ?
 

Link to comment
Share on other sites

On 3/3/2022 at 4:15 PM, Smurfy said:

Being able to reassign an activity/task linked to a ticket where the person doing the reassign is not in the team its currently assigned to
(So our scenario here is our change team may need to move a change ticket and its activity from Networks to Servers - they can assign the ticket but not the activity/task)

This is also an issue for us as we have had to give Super User role to our Service Desk analysts as they need to be able to complete and re-assign task to others, as a lot of our tasks are system generated they need this level of access to be able to do these tasks. Ideally we would like to change this level of access as it also allows them to view certain elements of the system that we would prefer them not to be able to see.

  • Like 2
Link to comment
Share on other sites

21 minutes ago, Jeremy said:

we have had to give Super User role to our Service Desk analysts as they need to be able to complete and re-assign task to others

There is never a requirement for Super User in relation to completing Tasks.

If you need to complete Tasks that are not assigned to you, then consider assigning Tasks to Groups or Roles, or deploying the advancedTaskCompleter Role.

Likewise the re-assign option, the Owner can always re-assign a Task, there should never (from a Security perspective) be a scenario where you're granting Super User to Analysts. In fact only in very specific cases should any account other than System Administrator have the Super User Role.

You should always create a Task with an Owner, and they will be able to re-assign the Task. As mentioned above the criteria for reassigning Tasks are detailed in the Re-Assignment Rules section of the wiki page.

Link to comment
Share on other sites

We have assigned these roles but as mentioned if the task is assigned by the system... it makes it nearly impossible to complete etc without this role. Also the way in which we are structured the Service Desk and the analysts oversee a lot of the system and they cross teams and requests so without the Super User role they can't easily do they jobs.

Link to comment
Share on other sites

Similar to @Jeremy with overseeing a lot of the system across teams except ours is the change team.
If we assigned all the activity's the change team have built in their BPMs to their group or role, as well as the actioning group, the change team would have too many notifications.

Link to comment
Share on other sites

24 minutes ago, Jeremy said:

if the task is assigned by the system... it makes it nearly impossible to complete

I'm not sure I follow - assigned by the System how? If you're referring to a Business Process then the option to specify an Owner is in the Node.

 

9 minutes ago, Smurfy said:

If we assigned all the activity's the change team have built in their BPMs to their group or role

Being the Owner does not assign the Task to you, or generate notifications.
Your issue would be that there are two people in the Change Team, but a Task can only have one Owner.

Link to comment
Share on other sites

1 hour ago, Steve Giller said:

Being the Owner does not assign the Task to you, or generate notifications.
Your issue would be that there are two people in the Change Team, but a Task can only have one Owner.

Yes we have 3 people in our change team

Link to comment
Share on other sites

8 minutes ago, Smurfy said:

Yes we have 3 people in our change team

I could have sworn it was 2! 

A workaround for that would be to ensure Tasks are assigned to Teams, not individuals (which is useful anyway as it allows for leave/sickness absences) and ensure that the Change Team are also members of any Teams they are entitled to re-assign Tasks for.
It may not be the most elegant solution but should fit the way you work without requiring extra functionality or elevated privileges.

Link to comment
Share on other sites

sorry @Steve Giller No I mean we have 3 people - 3 people that need to be able to manage tasks across all the teams.
I could make them a memebr of all the teams but then they get swamped with notifications which are not relevant :( 
 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...