How to add permissions to a ServiceDesk custom group

book

Article ID: 179894

calendar_today

Updated On:

Products

ServiceDesk

Issue/Introduction

 

Resolution

How ServiceDesk Permissions Work

A custom ServiceDesk group will, by default, not have very many permissions. When a custom group is created, the "Copy Permissions From Group" option can be specified, which will copy group permissions from the specified group to the custom group. However, this does not copy page, report, or object permissions. These must be manually specified by the administrator afterwards. This will result in users in this custom group not seeing certain tabs in Process Manager, not seeing reports, etc., because other areas that permissions are in were not set.

There are several areas in ServiceDesk where permissions are located at. Most can be configured, but some cannot (as designed). These include:

  • User permissions
  • Group permissions
  • Page/tab permissions
  • Report permissions
  • Service Catalog permissions
  • Process View permissions
  • Object permissions
  • Unexposed permissions

Please Note: Symantec Technical Support does not have a list of what permissions need to be set manually to reproduce the exact behavior of an out of box group, such as Support I. If a custom group does not see certain areas or is unable to access these, use this article as a guide to add the appropriate permissions.

Warning: Out of box user and group permissions should never be changed, especially the [email protected] account and the Administrators group. Doing so may result in the inability to see or use parts of ServiceDesk and may require a reinstall of the product to resolve. 

How to Add User and Group Permissions

Normally user and group permissions do not need to be changed. The only exception to this is when creating a new group, if it is to work similarly to another group, ensure that "Copy Permissions From Group" is used. As noted, this will only copy the group permissions, not any of the other permission types listed below.

User and group permissions can be accessed by going to the Admin menu > Users > Manage Users or List Groups. Edit the user or group to change their permissions.

How to Add Page Permissions

Web page permissions, such as for the Tickets tab, for groups must be manually set by editing each page’s permissions list.

  1. In Process Manager logged in as an administrator, click on the Site Actions button > Page List.
  2. The main pages are listed in the Pages List column. Select any that are to be modified.
  3. Click on the Edit Page button.
  4. Click on the Permissions tab.
  5. Click on the Add New Permission button. Note: Existing group and user permissions can be modified by clicking on the Edit button.
  6. Select Group from the Permission Type drop down field.
  7. Click on the Pick button.
  8. Select the custom group by clicking on its Select link.
  9. Click on the X under the Allow column for "Can view page". This changes to a checkmark.
  10. Click on the Add button.
  11. Click on the Save button.
  12. Log out of Process Manager and then in as a user who is part of the custom group. They should now see the specified page/tab.
  13. Repeat these steps for any other page or tabs to be set to be viewable or editable. If it is unsure what permissions should be added, view the permissions for the original group and then set these accordingly in the custom group. Note: The above steps for this section are needed to enable any custom group to be able to submit requests from the Submit Request page or view/edit existing tickets on the Tickets page. 

How to Add Report Permissions

Report permissions are not inherited by page or tab permissions, even if the folder, such as Incident Management, is granted access to the custom group. Each report must be individually permitted along with its parent folder. This may necessarily result in a fair amount of work to set all needed reports to be accessible by custom groups.

  1. While logged into Process Manager as an administrator, click to the Reports tab.
  2. The main reports are listed in the Report Categories column. Select a category to be modified.
  3. Click on the action button for Incident Management and choose Permissions.
  4. Follow steps 5 through 11 from the How to Add Page Permissions section.
  5. Repeat steps 2 through 4 from this section for any other report categories to be set to be viewable or editable.
  6. Click on the action button for any report and choose Permissions.
  7. Follow steps 5 through 11 from the How to Add Page Permissions section.
  8. Repeat steps 6 through 7 from this section for any other reports to be set to be viewable or editable.

How to Add Service Catalog Permissions

Service Catalog permissions may need to be set if the users that are part of the custom group need access to certain web parts. For example, Submit Request > Service Catalog.

  1. While logged into Process Manager as an administrator, click on the Admin tab > Service Catalog Settings.
  2. Select from the Browse Category panel the service catalog that is to be changed.
  3. Edit the catalog entry to be changed.
  4. Click on the Permissions button.
  5. Click on the Add New Permission button to add a new user or group.
  6.  Add the appropriate permissions and then click on the Add button.
  7. Click on the Save button. Note: The above steps for this section are needed to enable any custom group to be able to submit an advanced ticket on the Submit Request page.

How to Add Process View Permissions

When viewing a ticket, permissions may be needed to be able to see and use commands, such as Work Tasks Assigned To Other. A minor customization of the SD.IncidentManagement project is needed to accomplish this. This is described in more detail in the following article:

How to add permissions to the process view of a ServiceDesk ticket
http://www.symantec.com/business/support/index?page=content&id=HOWTO38236

How to Add Object Permissions

Object permissions refer to specific areas in ServiceDesk where permissions, when editing the object, can be manually specified. For example: A Knowledge Base Category can have its own unique permissions. Edit the object and add/remove permissions as needed based on the requirements of the custom group.

Unexposed Permissions

Certain permissions in ServiceDesk are not exposed to the user. These are built into Process Manager and cannot be changed. For example: The Knowledge Base Category "Default Article Category" is only explicitly enabling the [email protected] user to use or view it, however, the Administrators group can too, even though it's not specified for the object's permissions.

Walkthroughs

How to enable the Technician Dashboard to be used by custom groups
http://www.symantec.com/business/support/index?page=content&id=HOWTO26162

Troubleshooting

Error "Error Occurred Displaying Report" when trying to view a report or a webpart that has a report
http://www.symantec.com/business/support/index?page=content&id=TECH144012