Disallow privilege to add assignment while allowing automatic assign in change process

Version 1
    Question

    If you remove the Execute privilege for Assign action on Change, this also prevents the End user from progressing a change through an automatic assignment in the change process - (authorisation error).

    Answer

    You can do this by granting Execute, Read & Update privilege to the Role for Assignment under Change Management, Process Related Objects, Change. This will allow Create & Execute privilege. Then run the following SQL Server statement against your database (replacing Analyst with the correct Role Name), to disallow it as an action:

     

    UPDATE    tps_privilege

    SET              tps_value = 0

    WHERE     (tps_item_guid IN

                              (SELECT     md_guid

                                FROM          md_privileged_item

                                WHERE      md_name = 'ChangeManagement.Change.Function.Assign')) AND (tps_collection_guid IN

                              (SELECT     tps_privilege_collection_guid

                                FROM          tps_role

                                WHERE      tps_name = 'Analyst')) -- Replace 'Analyst' with the correct Role name

     

    Make sure that you have a full backup before running and test before applying live.  Also, you may need to run IIS reset for changes to take effect.

    Environment

    ITBM 7.1 and above