6 Replies Latest reply on Jul 11, 2014 9:27 AM by masterpetz

    Request for comment - Privileges for automatic actions

    Stu McNeill Employee

      Hi all,

       

      Some background

      Some of you may be aware of a limitation in how privileges are currently managed for actions.  The privilege for seeing and executing a manual action is stored separately to the privilege for being able to perform an action automatically however the privilege interface only shows one item that controls both.  This becomes an issue in the following scenario where you want your end users to be able to perform an action that in turn causes an automatic assignment, however you don't want them to see the "Add Assignment" action:

       

      Capture1.PNG

       

      In the above example your end users need the privilege for creating the automatic assignment otherwise they receive an error when attempting to escalate an incident.  However if you give them the Execute privilege for the "Add Assignment" action you are also giving them the manual action.

       

      We normally work around this by using a SQL script on the Service Desk database to change the two privileges separately, as detailed in this document: Hiding a manual action on an IPC whilst retaining the privilege for automatic actions (for example hide the "add assignm….  We're aware that this is cumbersome so are looking into ways we can solve this permanently.

       

      Our proposed solution

      After discussions with Support, Product Management and Engineering our proposed solution is to simply not require any privileges to perform an automatic action.  You would still need the privilege for the manual action that precedes the automatic action so we do not believe this change would cause any issues.  It means that in the above example you would need the privilege for the Escalate action but would not also need the Add Assignment privilege to be able to perform it.

       

      We would like to hear of any scenarios you can think of that you would intentionally want a manual action to fail because a user does not have the privilege to perform one of the automatic actions after it.

       

      Thanks

      Stu