Last week we performed a change in the authorization concept in SOI.
That means, we have created several new groups, set the corresponding permissions, and assigned the users to their groups.
Some of the new groups should only handle alerts via Alerts Queues and should not see any services.
Therefore we removed access to all services from these groups.
After the migration of the users we were informed, that for some alerts, it was not possible anymore to create a ticket nor to acknowledge or clear them.
In our investigation, we found, that the situation only occurred for alerts, for which a service is impacted.
For any alert, which is not impacting any service, the options to create a ticket, acknowledge, or clear an alert were available.
Thus we had to grant access to the services for those groups, too. Otherwise, they won't be able to escalate alerts, which are impacting service.
What we would like to know is, if this behavior is functioning as designed.
Or should it be possible to take any action on an alert that is impacting a service, even if the user does not have access to the affected service?
Release : SOI 4.2
This is happening because the customer have removed all the access from groups.
Giving back all accesses to the groups resolves this issue.
The access is needed for the group to be able to see the action for the user.