I had a request today for someone to be able to view incidents in groups they are a part of but no ability to edit them. Basically an end user that can login and see tickets to certain groups but no other permissions. I figure the eaisest way to do this would be to create a differnt role, but before I tried to do this I wanted to check with the community and hear your thoughts?
Are you talking about this person using Self Service, just to clarify?
If so, as far as I can see there are no out of the box view only roles, so you would have to go through th pain of creating one from scratch with the appropriate priviledges.
If you are talking about giving them an analyst account then again, you'd have the same issue. There's no out of the box role for this.
Hope that helps.
On more recent versions of Service Desk you should be able to copy a role first and then modify it to suit your requirement. The Copy Role action will be available within Administration when you highlight a role. Note: By design, you can't copy the Administrators role but can on any others.
If it is a case of making the incident window read only you could instead copy the window, change all the attribute properties to readonly, and then publish this via window view rules to that one user. This will mean that they will be able to perform actions on the incident that their role gives them but can't edit the window that you modified.
If you are doing this within Self Service you could just create a new shortcut group and publish that shortcut to only the person who needs to see that information. Add some queries for the data they need to see and that should work. If they are and End User type, they should only have Read Only access to Incident information with the exception of creating one (unless additional perms have been given). I've done this several times in the past for Management that only needed to see ticket data. You can also set various queries in Self Service to not launch when clicked on. This way they can really only see what's happening.
If this isn't what you need, I agree with Karen about just copying a similar role and adjusting the permissions.
Hope this helps.