NetworkShare and ResetPassword permissions under ServiceDesk.Services.Items do not control access to the respective forms as expected

book

Article ID: 158212

calendar_today

Updated On:

Products

ServiceDesk

Issue/Introduction

Users that do not have these two permissions will see the respective forms in IT Services category of Service Catalog (Submit Request menu item).

  • ServiceDesk.Service.Items.NetworkShare (Can access the Request Access to Network Share item in the service catalog)
  • ServiceDesk.Service.Items.ResetPassword (Can access the Reset Password item in the service catalog)

Perhaps most noticeably, All Users group by default does not have these permissions set, yet users in All Users group will still see Request Access to Network Share and Reset Password items.

Cause

In Service Catalog configuration, access to these two items is given by ServiceDesk.Services.Categories.It permissions as well as the specific permissions, so anyone who has access to IT Services category in Service Catalog will see these items.

Resolution

Remove ServiceDesk.Services.Categories.It permissions entry from both of these Service Catalog Items.

Steps:

  1. Log into ServiceDesk Portal with an administrator user
  2. Navigate to Admin > Service Catalog Settings
  3. Go to IT Services category
  4. Click on the lightning bolt icon next to the Request Access to Network Share / Reset Password item and select Edit Form
  5. In permissions tab, remove the ServiceDesk.Services.Categories.It entry.

Note that after removing these, you will need to add the permissions mentioned above to the user groups that do need access to these forms.

This issue has been addressed in ServiceDesk 8.0 and newer.