How ServiceDesk Permissions Work
A custom ServiceDesk group will, by default, not have very many permissions. When a custom group is created, the "Copy Permissions From Group" option can be specified, which will copy group permissions from the specified group to the custom group. However, this does not copy page, report, or object permissions. These must be manually specified by the administrator afterwards. This will result in users in this custom group not seeing certain tabs in Process Manager, not seeing reports, etc., because other areas that permissions are in were not set.
There are several areas in ServiceDesk where permissions are located at. Most can be configured, but some cannot (as designed). These include:
Please Note: Symantec Technical Support does not have a list of what permissions need to be set manually to reproduce the exact behavior of an out of box group, such as Support I. If a custom group does not see certain areas or is unable to access these, use this article as a guide to add the appropriate permissions.
Warning: Out of box user and group permissions should never be changed, especially the [email protected] account and the Administrators group. Doing so may result in the inability to see or use parts of ServiceDesk and may require a reinstall of the product to resolve.
How to Add User and Group Permissions
Normally user and group permissions do not need to be changed. The only exception to this is when creating a new group, if it is to work similarly to another group, ensure that "Copy Permissions From Group" is used. As noted, this will only copy the group permissions, not any of the other permission types listed below.
User and group permissions can be accessed by going to the Admin menu > Users > Manage Users or List Groups. Edit the user or group to change their permissions.
How to Add Page Permissions
Web page permissions, such as for the Tickets tab, for groups must be manually set by editing each page’s permissions list.
How to Add Report Permissions
Report permissions are not inherited by page or tab permissions, even if the folder, such as Incident Management, is granted access to the custom group. Each report must be individually permitted along with its parent folder. This may necessarily result in a fair amount of work to set all needed reports to be accessible by custom groups.
How to Add Service Catalog Permissions
Service Catalog permissions may need to be set if the users that are part of the custom group need access to certain web parts. For example, Submit Request > Service Catalog.
How to Add Process View Permissions
When viewing a ticket, permissions may be needed to be able to see and use commands, such as Work Tasks Assigned To Other. A minor customization of the SD.IncidentManagement project is needed to accomplish this. This is described in more detail in the following article:
How to add permissions to the process view of a ServiceDesk ticket
http://www.symantec.com/business/support/index?page=content&id=HOWTO38236
How to Add Object Permissions
Object permissions refer to specific areas in ServiceDesk where permissions, when editing the object, can be manually specified. For example: A Knowledge Base Category can have its own unique permissions. Edit the object and add/remove permissions as needed based on the requirements of the custom group.
Unexposed Permissions
Certain permissions in ServiceDesk are not exposed to the user. These are built into Process Manager and cannot be changed. For example: The Knowledge Base Category "Default Article Category" is only explicitly enabling the [email protected] user to use or view it, however, the Administrators group can too, even though it's not specified for the object's permissions.
Walkthroughs
How to enable the Technician Dashboard to be used by custom groups
http://www.symantec.com/business/support/index?page=content&id=HOWTO26162
Troubleshooting
Error "Error Occurred Displaying Report" when trying to view a report or a webpart that has a report
http://www.symantec.com/business/support/index?page=content&id=TECH144012