Smurfy Posted March 3, 2022 Posted March 3, 2022 We have a number of people set up as Super users. Now we are moving forward and most of our initial building of the tool is complete we want to take the super user access away and move to a more "day to day" set of roles. Please can you help me with finding the right permissions for the following as I am struggling a bit - Being able to view and amend a PCF or BPM not created by the person needing to amend (so for example if I created a BPM I would like others, not everyone so need to find the best suited role, to be able to amend in my absence) I thought Business process Manager and Progressive capture Manager would give that ability but it seems on our tests that I can only see the ones you "own" I've looked through settings too and have drawn a blank. Being able to reassign an activity/task linked to a ticket where the person doing the reassign is not in the team its currently assigned to (So our scenario here is our change team may need to move a change ticket and its activity from Networks to Servers - they can assign the ticket but not the activity/task) This one is being looked at already by hornbill (wondered if it has been done yet) - being able to view the entity viewer (hopefully putting it with the reporting admin role as I feel it would fit well there?)
Steve Giller Posted March 3, 2022 Posted March 3, 2022 @Smurfy The criteria for reassigning Tasks are detailed in the Re-Assignment Rules section of the wiki page. Sharing Progressive Captures can be achieved, again, see the wiki page under Sharing and Visibility. The same "Access Granted To" options are available on Business Processes. I don't have these settings active on my Instance, so please come back with any further questions or issues.
Smurfy Posted March 3, 2022 Author Posted March 3, 2022 Thanks @Steve Giller I’m perhaps reading the wiki incorrectly because it’s not giving me what I’m trying to achieve.
samwoo Posted March 4, 2022 Posted March 4, 2022 @Smurfy Have you changed this setting to enable access controls to the PCF / BPM? I've come across it a lot of the years, intending to turn it on but I don't have a need to do so... yet... so, I've kept this noted until the time comes to turn it on. Here is a screenshot showing this setting from the Wiki Page that Steve linked:
Smurfy Posted March 7, 2022 Author Posted March 7, 2022 Thanks @samwoo I have turned that on. So I'm guessing I need to create a role that those who I want to see, and able to update, all PCFs and BPMs and then apply access granted to "<new role>" ?
James Ainsworth Posted March 7, 2022 Posted March 7, 2022 Hi @Smurfy Keep in mind that when you are configuring a BPM you have the options to use Roles, Groups, or individual Users in order to grant access.
Smurfy Posted March 8, 2022 Author Posted March 8, 2022 Hi @James Ainsworth Yes I tried this. I also tried with the analysts name under user did not work. I think we have a fault with ours which I reported yesterday.
Jeremy Posted March 8, 2022 Posted March 8, 2022 On 3/3/2022 at 4:15 PM, Smurfy said: Being able to reassign an activity/task linked to a ticket where the person doing the reassign is not in the team its currently assigned to (So our scenario here is our change team may need to move a change ticket and its activity from Networks to Servers - they can assign the ticket but not the activity/task) This is also an issue for us as we have had to give Super User role to our Service Desk analysts as they need to be able to complete and re-assign task to others, as a lot of our tasks are system generated they need this level of access to be able to do these tasks. Ideally we would like to change this level of access as it also allows them to view certain elements of the system that we would prefer them not to be able to see. 2
Steve Giller Posted March 8, 2022 Posted March 8, 2022 21 minutes ago, Jeremy said: we have had to give Super User role to our Service Desk analysts as they need to be able to complete and re-assign task to others There is never a requirement for Super User in relation to completing Tasks. If you need to complete Tasks that are not assigned to you, then consider assigning Tasks to Groups or Roles, or deploying the advancedTaskCompleter Role. Likewise the re-assign option, the Owner can always re-assign a Task, there should never (from a Security perspective) be a scenario where you're granting Super User to Analysts. In fact only in very specific cases should any account other than System Administrator have the Super User Role. You should always create a Task with an Owner, and they will be able to re-assign the Task. As mentioned above the criteria for reassigning Tasks are detailed in the Re-Assignment Rules section of the wiki page.
Jeremy Posted March 8, 2022 Posted March 8, 2022 We have assigned these roles but as mentioned if the task is assigned by the system... it makes it nearly impossible to complete etc without this role. Also the way in which we are structured the Service Desk and the analysts oversee a lot of the system and they cross teams and requests so without the Super User role they can't easily do they jobs.
Smurfy Posted March 8, 2022 Author Posted March 8, 2022 Similar to @Jeremy with overseeing a lot of the system across teams except ours is the change team. If we assigned all the activity's the change team have built in their BPMs to their group or role, as well as the actioning group, the change team would have too many notifications.
Steve Giller Posted March 8, 2022 Posted March 8, 2022 24 minutes ago, Jeremy said: if the task is assigned by the system... it makes it nearly impossible to complete I'm not sure I follow - assigned by the System how? If you're referring to a Business Process then the option to specify an Owner is in the Node. 9 minutes ago, Smurfy said: If we assigned all the activity's the change team have built in their BPMs to their group or role Being the Owner does not assign the Task to you, or generate notifications. Your issue would be that there are two people in the Change Team, but a Task can only have one Owner.
Smurfy Posted March 8, 2022 Author Posted March 8, 2022 1 hour ago, Steve Giller said: Being the Owner does not assign the Task to you, or generate notifications. Your issue would be that there are two people in the Change Team, but a Task can only have one Owner. Yes we have 3 people in our change team
Steve Giller Posted March 8, 2022 Posted March 8, 2022 8 minutes ago, Smurfy said: Yes we have 3 people in our change team I could have sworn it was 2! A workaround for that would be to ensure Tasks are assigned to Teams, not individuals (which is useful anyway as it allows for leave/sickness absences) and ensure that the Change Team are also members of any Teams they are entitled to re-assign Tasks for. It may not be the most elegant solution but should fit the way you work without requiring extra functionality or elevated privileges.
Smurfy Posted March 8, 2022 Author Posted March 8, 2022 sorry @Steve Giller No I mean we have 3 people - 3 people that need to be able to manage tasks across all the teams. I could make them a memebr of all the teams but then they get swamped with notifications which are not relevant
Steve Giller Posted March 8, 2022 Posted March 8, 2022 7 minutes ago, Smurfy said: they get swamped with notifications There is some (it may or may not be enough) control over this:
Jeremy Posted March 8, 2022 Posted March 8, 2022 @Smurfy we have the same issue we have about 12 people on our service desk but 59 teams that they can potentially oversea and help with so we cannot add them to all teams as then it would cause lots of issues.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now