End users are able to access tickets from other tenants through CA Service Management Mobile Application

book

Article ID: 127535

calendar_today

Updated On:

Products

CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Important information:

- Multi-Tenant environment.
- Mobile Access enabled.

End users from a specific tenant are being able to access ticket from other tenants. It causes a lot of security concerns, because customers use CA Service Management for different internal customers and related end users.

Environment

Clarity Service Management 17.1
Clarity Service Management 17.0

Resolution

When implementing CA Service Management Mobile Application, pay attention to the Access Types and Roles you have configured. When configuring the related Access Types, the field "REST Web Service API Role" manages the security layer for the mobile access. Depending the way you set the role intended to that field, end users will be able to access ticket from other tenants.


Additional Information

Verify the Prerequisites for CA Service Management Mobile Application
Security and Role Management

Attachments