How To: Understand the structure of privileges in the Service Desk database

Version 7
Created by Romain.Jusot on Apr 25, 2017 10:16 AM. Last modified by Romain.Jusot on Feb 13, 2018 1:56 PM.

    Verified Product Versions

    Service Desk 2016.xAsset Manager 2016.xService Desk 2017.x

    Requires Access To:

    • Database server
    • Service Desk console

     

    How To:

    This article is intended to understand how privileges are organised in the Service Desk database so as to help in some situations of troubleshooting.

     

    First things first:

    When a privilege is modified from the administration component in the console, it immediately modifies the value in the database without pressing the Save button. It will then set the right value for the relevant privilege of the role or group that is modified.

    Privileges in Administration.png

     

    Structure:

    The privileges configuration is defined byt the following tables in the database:

    • md_privileged_item, where is the definition of all the privileged items in Service Desk

    For instance, the Incident Task action "Add Note" has a related privileged item

     

    • tps_privilege, contains the values of privileges. This is where we know what privilege is enable or not (... for a specific group or role).
      Each value is of course associated with its privilege definition (md_privileged_item)

    • tps_privilege_collection, this table links a group or a role to a whole of privilege values.
      This table gives Service Desk the capacity to associate either a group or a role to a configuration of privileges.

     

    • tps_group or tps_role, which are the tables that store the definition of groups and roles in Service Desk.

     

    The global structure is represented below:

    LDSD_Privileges_Relationships_V2 (No text).png

     

    Summary and example:

    In this example, we want to amend a privilege of the role SelfServiceUser.

    We set the "Execute" privilege to true for "Modules > Incident Management > Process Related Object > Task Incident --> Add Note".

    Privileges in Administration.png

     

    Role (tps_role):

    In the database: the tps_role (role) entry "SelfServiceUser" has a link to its associated tps_privilege_collection (collection) entry.

    tps_guidtps_nametps_privilege_collection_guid
    8CF30EF0-B4EF-4BEA-860A-8177CF01B69BSelfServiceUserF70C5099-BC5F-418C-846E-1F7202F3F364

     

    Collection (tps_privilege_collection):

    The tps_privilege_collection table will simply store the list of existing collections for both roles and groups.

    tps_guid
    F70C5099-BC5F-418C-846E-1F7202F3F364

     

    Privilege Values (tps_privilege):

    In the tps_privilege table (the privilege value), there's a value change (...to 16) for the entry that is bound to the above role collection and to the privileged item "IncidentManagement.Task.Function.AddNote".

    tps_guidtps_item_guidtps_collection_guidtps_value
    C9343EB4-48D1-40B0-956D-31E3509C9AA389A1B087-6484-426A-809C-3FA4DFEA9599F70C5099-BC5F-418C-846E-1F7202F3F36416

     

    Privilege Definition (md_privileged_item):

    The above column "tps_item_guid" refers to the privilege definition in the md_privileged_item table:

    md_guidmd_name
    89A1B087-6484-426A-809C-3FA4DFEA9599IncidentManagement.Task.Function.

     

    Additional information:

    From the version 2016.1 of Service Desk, Test to Live doesn't transfer the privileges of existing groups and roles

    If a privilege has never been configured, it's deactivated by default and there will be no associated entry in the "tps_privilege" table. Changing this privilege for the first time will create a new entry in this table.