
HPSM Secure assignment groups - hide assigned tickets from any user who is not a member of the group

Hi Experts,

Kindly provide me some idea to develop the below requirement.

Requirement:

As a Business Application Owner, I want to be able to configure specific assignment groups so that any ticket assigned to that group is only visible to members of that group, so that organizational units with increased confidentiality requirements may use Service Manager to handle their tickets without exposing confidential data to non-authorized users.

Thanks in advance,

~ABD

 


Re: HPSM Secure assignment groups - hide assigned tickets from any user who is not a member of the g

Service Manager has a concept of Mandants/Folders.  It segregates the application so that it becomes multi-tenant, where one group of users won't be able to interact with another group of users' transactional data.


Re: HPSM Secure assignment groups - hide assigned tickets from any user who is not a member of the g

There are multiple existing topics about Mandanten. 

http://community.hpe.com/t5/Service-Manager-Service-Center/how-does-scSecurity-group-or-Security-Groups-work/m-p/6140491/highlight/true#M101890

http://community.hpe.com/t5/Service-Manager-Service-Center/mandanten/m-p/5891157/highlight/true#M95985

For this scenario, there are several options:

  • Configure mandanten groups which exclude records for each controlled access assignment group. Note that depending on the number of groups which must be restricted, it may be simpler to create a separate exclusion group for each of those assignment groups.
  • Based on the operator's assignment group membership, assign the mandant groups to exclude those records to which the user should not have access. 
  • Alternatively, configure mandant restricting queries and call those. 

Note that the biggest challenge will be maintaining the operator-level mandanten filters (Security Groups array) as assignment group membership changes. I have automated that in the past by using format control to automatically assign mandanten based on a user's assignment group membership. 

You could also investigate using a calculated list of assignment groups to exclude, generated by login.DEFAULT. This would simplify maintenance:

In login default you could build the array as follows in calculations:

Calc Condition: true
Calc: $lo.restrictAccessList = {}

Calc Condition: index("assignmentGroupName1", $lo.pm.assignments)=0
Calc: $lo.restrictAccessList = $lo.restrictAccessList + {"assignmentGroupName1"}

Calc Condition: index("assignmentGroupName2", $lo.pm.assignments)=0
Calc: $lo.restrictAccessList = $lo.restrictAccessList + {"assignmentGroupName2"}

Calc Condition: index("assignmentGroupName3", $lo.pm.assignments)=0
Calc: $lo.restrictAccessList = $lo.restrictAccessList + {"assignmentGroupName3"}

Then use the result in your mandant restricting query:

not assignment isin $lo.restrictAccessList

Note: I haven't tested any of this, it's just a concept. You would need to build and test thoroughly in your DEV environment.

 

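An added example, not part of the posts above and not Service Manager code: a plain JavaScript model of the exclusion-list concept from the last reply, with an audit that lists confidential tickets still visible to non-members. It assumes the list is computed once at login and stays fixed for the session; `assignmentGroupName4`, `Service Desk`, the operators and the ticket ids are constructed sample data.

```javascript
// Added example (a model, not Service Manager code). CALC_GROUPS: groups that
// have a login calculation (placeholder names from the post).
const CALC_GROUPS = ["assignmentGroupName1", "assignmentGroupName2", "assignmentGroupName3"];

// Mirrors the login calculations: a group goes on the list when
// index(name, memberships) = 0, i.e. the operator is not a member.
function buildRestrictAccessList(memberships, calcGroups = CALC_GROUPS) {
  return calcGroups.filter((g) => !memberships.includes(g));
}

// Mirrors the restricting query: not assignment isin $lo.restrictAccessList
function visibleTickets(tickets, restrictAccessList) {
  return tickets.filter((t) => !restrictAccessList.includes(t.assignment));
}

// Audit: confidential tickets an operator can see without being a current member.
// `confidential` is the policy list; `op.listAtLogin` is what the session carries.
function findLeaks(operators, tickets, confidential) {
  const leaks = [];
  for (const op of operators) {
    for (const t of visibleTickets(tickets, op.listAtLogin)) {
      if (confidential.includes(t.assignment) && !op.groups.includes(t.assignment)) {
        leaks.push(`${op.name}:${t.id}`);
      }
    }
  }
  return leaks;
}

// Constructed sample data.
const TICKETS = [
  { id: "IM1", assignment: "assignmentGroupName1" },
  { id: "IM2", assignment: "assignmentGroupName2" },
  { id: "IM3", assignment: "Service Desk" },         // unrestricted group
  { id: "IM4", assignment: "assignmentGroupName4" }, // confidential, but has no calculation
];

function demo() {
  const alice = { name: "alice", groups: ["assignmentGroupName1"] };
  alice.listAtLogin = buildRestrictAccessList(alice.groups);
  // Assumption: bob logged in as a member of group 2 and was removed afterwards.
  const bob = { name: "bob", groups: [] };
  bob.listAtLogin = buildRestrictAccessList(["assignmentGroupName2"]);
  const policy = [...CALC_GROUPS, "assignmentGroupName4"];
  return {
    aliceSees: visibleTickets(TICKETS, alice.listAtLogin).map((t) => t.id),
    leaks: findLeaks([alice, bob], TICKETS, policy),
  };
}
console.log(demo());
```

The reported pairs come from two causes in this model: a confidential group that has no calculation, and a membership change made after the list was built.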