Lynne Aldridge Posted June 29, 2023 Share Posted June 29, 2023 We have from time to time very sensitive calls being raised. I was wondering if it is it possible to restrict who can see the update details of an Incident or SR Link to comment Share on other sites More sharing options...
Steve Giller Posted June 29, 2023 Share Posted June 29, 2023 It's not completely clear what you're asking, can you clarify a little? At the basic level, only Teams who Support a Service can view its Requests, so the simplest answer here is to ensure that only Teams you want to see the sensitive information support the Services that these Requests will be raised against. There is also the Visibility setting on Updates, which can restrict the post to Team or Owner if required. Link to comment Share on other sites More sharing options...
Berto2002 Posted July 4, 2023 Share Posted July 4, 2023 @Lynne Aldridge One of the bits Steve mentioned is the Service Portfolio; you can set the "Supporting Teams" and only people in those teams will be able to see the Requests. Everyone else without admin access gets to see "You are not authorised to view this request" error message. Your Subscribers controls who can log a Request for that Service Take care though, Request data is available through the Reporting Engine so when we implemented our Councillor Case Management solution, we needed to pull-back all our Reporting access to sys admins only. We also, by default, have every BPM set a custom field integer flag (custom 28) as either 0 (not restricted), 1 (Councillor-restricted) or 2 (HR) and every report with Request data also filters on that custom field to either include or exclude such Requests; so we don't get leaks of the data or metadata from confidential Requests. Link to comment Share on other sites More sharing options...
Lynne Aldridge Posted July 5, 2023 Author Share Posted July 5, 2023 Thanks both for your feedback there really useful and has helped us with this issue. Link to comment Share on other sites More sharing options...
Sam P Posted July 6, 2023 Share Posted July 6, 2023 On 7/4/2023 at 3:37 PM, Berto2002 said: We also, by default, have every BPM set a custom field integer flag (custom 28) as either 0 (not restricted), 1 (Councillor-restricted) or 2 (HR) and every report with Request data also filters on that custom field to either include or exclude such Requests; so we don't get leaks of the data or metadata from confidential Requests. This is a great tip which I'll save for when we bring HR online to our instance. Thank you @Berto2002 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now