    Window/field permissions by Role or Group

    cjschafer Apprentice

      So, what would be best practices to give users access to the Service Catalog, but only READ ONLY access? Not sure if we create new Roles for this Read Only group. Also, not sure how you would set either the Window or the fields to read only if you are part of a certain role or group. Again, not sure if this seems right. Trying to be pointed in the right direction on how to configure that.


      • Read only access to Service Catalog (Catalogue Management).
      • Users will also be Analysts, so they will have more access when using the overall Service Desk module


      Any information will help out tremendously to get the ball rolling.

          andreas.lindner Expert

          Hi cjschafer,


          I'd prefer the following method:

          1. I set all permissions in Roles only.
          2. There are two windows for the services, one for the Analysts (attributes are writable if necessary), one for the EndUsers (all attributes read only).
          3. There is a view rule that will display the windows from above by user type.
          4. To publish the service items in the catalog, you can either use roles or groups or both.

          Then you should be set and good to go.



            cjschafer Apprentice

            Thanks Andreas,


            So, I created a copy of the Service Window, renamed it to ServiceWindowRO, then I changed all the field values to a protection level of READ ONLY.



            Would this work? I guess I am asking how I restrict certain users/roles so that they get this window instead of the SERVICEWINDOW that has more rights... or am I going at this totally wrong?



            Where would I set the VIEW RULE at?


            Per IVANTI Support, they said this, which states it cannot be done:

                "There's no way to isolate the Service Catalog from the rest of Request Management, so if you were to remove the Write privileges from a role/group, that role/group would no longer be able to submit requests in the Service Catalog. The Service Catalog operates by publishing via role or group and doesn't have specific privileges that you could allow a read-only view for."



              andreas.lindner Expert

              Hi cjschafer,


              The supporters are quite right, there is no way to separate it using the permissions in your Roles. But you can show different windows to different Roles, Groups, User Types or even Users. So it might get you where you want with the downside that you may have to use and maintain multiple view rules. They can be set in the Window Manager.

              You can even copy your window again and set some attributes to read only and others to read/write and distribute them to different users. I think that will be the only option you have.

              There should be a description in the help section. Just take a look at help.ivanti.com and select the Service Desk section.