Help with Roles - need Service Manager read-only

[Sam P]

Is anyone able to share the details of a role they have created that allows someone read-only access to Service Manager?  I have a small group of users that should be able to view tickets via Service Manager but not log, update, resolve, close or reopen them.   Having some settings to copy would save me a great deal of time.  Thanks in advance 

[Victor]

@Sam P the most straight forward way is to customise an existing app role.

Navigate to the desired standard role, for example "Incident Management User". Create a copy of this role:

Edit the newly created role, in this example I named it "Incident Test" and navigate to the Application Rights tab:

 

In here remove all the app rights, except the "View" rights, for example, it can look like this:

You can also remove all the rights from the "System Rights" tab, as they are only for actions performed on requests which is something these users won't do.

Save changes for each tab. Assign this role to the desired users and see how it works. Let us know how it works.

[Sam P]

Thanks @Victor, I copied my Incident Management User role, removed everything as described and added to Test User (of type: User)

 

I removed all the original rights except Collaboration Role (it wouldn't let Test User log in without it):

 

However this user can still update requests via the Action Bar:

I should also have said that they need to maintain the ability to log via Self-Service on the Employee Portal which has been lost.  They are a essentially an employee that can see any request but not do anything on them.

Any ideas what to try next? 

[James Ainsworth]

Hi @Sam P

Try adding the following role to the user...

[Sam P]

Thanks @James Ainsworththats fixed the logging bit, now I just need to find out if I can remove Service Manager update rights, as they still seem to be able to add Connections and take the Update and Phone actions from the Action bar (not the end of the world I guess).  

 

[James Ainsworth]

Hi @Sam P

I'll ask about this and see if these 3 actions can be looked at.  

[Estie]

Hi I am looking to do the same thing with some of my users.  Was there any conclusion to this? 

Also would the read only access in this role require a Service Manager licence?

Thanks

[Steve Giller]

4 minutes ago, Stefania Tarantino said:

Also would the read only access in this role require a Service Manager licence?

Yes, this would provide access to Service Manager so would consume a License.

5 minutes ago, Stefania Tarantino said:

Was there any conclusion to this?

As far as I'm aware, the settings above are the nearest to completely read-only you will achieve. If you remove the rights to update requests for a User then should that User be a Customer at any point they would not be able to update the requests they had raised.

[Teresa Ward]

I'm also interested in this, I'm thinking that we could set up a separate Direct login for viewing requests as they wouldn't need to do that on a continual basis. If we do this how can we restrict their rights to update?

Is it also possible to restrict their view to only see calls raised by customers in a particular organisation?

[Estie]

Hi the way I got around this was to add the users who need read only access as interested connections.  My users only required access to certain types of tickets ie Major incidents so was able to add a node to the relevant BPM to add them as interested connections if a Major incident was raised.  Seems to work well and no Service Manager Licence was needed.   They view the requests from the home portal.
I found this Wiki page very useful: https://wiki.hornbill.com/index.php?title=Connections

Hope that helps 

[Teresa Ward]

Thanks @Stefania Tarantino

I am considering this but I think the volume of calls may be too high, they would get 20-30 new calls a month. I'm also interested in this for audit purposes as we are regularly audited and the auditors need access to view the timeline but they shouldn't be updating any of the requests