How to restrict access to another teams requests?

[lee mcdermott]

Hi,

We have a specific team in Hornbill that we do not want any other teams to be able to see or access the calls in that queue. So are trying to restrict the access. Currently everyone can see all services and calls.

The team in question has its own Service defined as well.

Under the service we have added the relevant Supporting Team To try to stop other teams(analysts) being able to view the calls in that team queue.

This has worked if someone selects to view "All My Services" they can no longer see those calls assigned to that particular team.

however if you create a custom view or just do an advanced search and enter the team name you can still see all those calls 

 

What is the best way to restrict access to this team and similarly to prevent that team being able to see all the other teams and calls outside of their own queue?

 

thanks

lee

 

[James Ainsworth]

Hi Lee,

Thanks for your post.  You have taken the right steps.  I'm wondering if some of the users have more rights than they should.   There are some roles that would provide this additional visibility.  I would start by looking at one of the users that can see the requests that they shouldn't be able to and check their roles.  

[lee mcdermott]

@James Ainsworth

Hi James,

 

most if not all analysts have the Incident management full access to enable them to reopen closed calls. Would it be this role that allows them to still see all calls?

 

Also I have just realised that by adding a team to the supported team of a particular service has removed the ability of anyone on that team being able to assign calls to any other team?

 

Is there a particular role or set of roles that allows an analyst to only see calls in their own queue but still able to assign calls elsewhere and re pen a call if need be? Or would i need to try and create a custom role?

[James Ainsworth]

7 hours ago, lee mcdermott said:

most if not all analysts have the Incident management full access to enable them to reopen closed calls. Would it be this role that allows them to still see all calls?

This role shouldn't give visibility to requests. The Service Desk Admin role will.  Worth checking to see if any of the users have this.  Personally, I wouldn't give users the Incident Management Full Access role.  It does give these users the keys to the kingdom.  If it is only for the sake of being able to reopen closed requests, then I'd recommend creating a custom role and just adding that right. 

 

7 hours ago, lee mcdermott said:

Also I have just realised that by adding a team to the supported team of a particular service has removed the ability of anyone on that team being able to assign calls to any other team?

 

That's correct.  When you allocate one or more support teams to a service, only those teams can manage and view the requests raised under that service.  Is there a use case here where a request has been raised to the wrong service and they are trying to assign it to the correct service and team?

 

7 hours ago, lee mcdermott said:

Is there a particular role or set of roles that allows an analyst to only see calls in their own queue but still able to assign calls elsewhere and re pen a call if need be? Or would i need to try and create a custom role?

 

The roles do not have any control over individual queues.  The visibility of requests is managed through the allocation of support teams to a service.