Share This:

Overview

 

All companies have certain departments that provide services to the company’s employees. Typically, such departments are IT, Facilities, HR, Legal, Finance and a few others. Each department has a team that fulfills service requests for that department only. Certain departments, such as HR, often have service requests that are of a confidential nature. It is in the interest of the confidentiality of such requests that companies want to be able to have multiple service desks serve their employees for their respective service requests. Each service desk should have access to their department’s service request definitions, but not those of others.

 

Hence to address this pain point of staff users, BMC Helix Remedyforce Summer 19 release has now provided the ability to configure the request definition entitlement for Remedyforce Console and the Analyst mobile application. Through this configuration administrators can control the visibility of request definitions based on the account and profile/permission sets. For example, a staff belonging to the HR department can be restricted from viewing the request definition related to the Finance department or vice versa.

 

How to configure staff entitlement

 

Previously there was no option to configure the entitlement of request definition for Remedyforce Console and the Analyst mobile application. Configured entitlements for request definition was applicable for Self Service by default.

Summer 19 onwards, you will get an option Configure entitlement for, to configure the entitlement for Remedyforce Console and Self Service. You can access the option under Remedyforce Administration > Configure Application > Request definition and going to the Entitlement tab of the required request definition.

 

Note that any configuration made under the Remedyforce Console option will be applicable in Remedyforce Console as well as in the Analyst mobile application

 

How to configure accounts and profile/permission sets for entitlement

 

By default, the request definition is available to all users. To configure the request definition entitlement for the selected accounts and profile/permission sets, consider the following steps:

ü  Configure an account

        • Under Show request definition to, select Everyone or Selected Accounts option to configure the entitlement based on account. If you select the Selected Accounts option, then select some accounts from the Available Accounts list.
        • Note that All Accounts option is renamed as Everyone.

ü  Configure profile or permission set

        • Under Within Everyone or Selected Accounts, show request definition, select the required option. If you select Users of selected profiles or Users of selected permission sets, then select required profiles or permission sets from the available list.

Based on the configurations of accounts and profile/permission sets, request definitions will be visible to the logged in user.

 

The following screen shows the request definition entitlement configuration page.

Entitlement Configuration.PNG

Consider the following examples:

·        Flyn Walter belongs to the Acme account and profile as HR Manager

·        Sion Moore belongs to the Global Media account and profile as Finance Staff

 

The following table shows the request definition visibility to users based on different configurations.

 

Account Configuration

Profile/Permission set configuration

Visibility of request definition to User (who has linked account)

Everyone

Selected Account

All Users

Selected profiles

Selected Permission set

 

 

 

 

 

 

Visible to all users

 

 

 

HR Manager, Finance Manager, Finance staff

 

Visible to Flyn Walter and Sion Moore.

Also visible to those users who have HR Manager, Finance Manager, or Finance staff profiles

 

 

 

 

Maintenance Administrator

Not visible to Flyn Walter or Sion Moore,

Visible to only those users who have the Maintenance Administrator permission set assigned.

 

Acme, Gene point

 

 

 

Visible to Flyn Walter.

Also visible to users of Acme and Gene Point accounts.

 

Acme, Global Media

 

Finance Staff, Finance Customer

 

Visible to Sion Moore.

Also visible to users of Acme and Global Media accounts along with Finance Staff or Finance Customer profile

 

Acme, Global Media, Gene point

 

 

Health Corporator, Medical University Administrator 

Not visible to Flyn Walter or Sion Moore.

Visible to users of Acme, Global Media and Gene point accounts along with Health Corporator or Medical University Administrator permission set.

What happens when logged in user do not have a linked account

 

When a user is not linked to an account, the entitlement will be based on the setting Restrict entitlement for users who do not have a linked account, which is available under Remedyforce Administrator > Application setting > General Application Setting.

 

With respect to this setting, the entitlement will be as follows:

  • When Restrict entitlement for users who do not have a linked account setting is enabled and account configuration is set to:
    • Everyone: Visibility of request definition depends on the profile and permission set settings.
    • Selected Account: Request definition will not be visible.
  • When Restrict entitlement for users who do not have a linked account setting is not enabled and account configuration is set to:
    • Everyone: Visibility of request definition depends on profile and permission set settings.
    • Selected Account: Visibility of request definition is depending on profile and permission set assignment setting.

 

Please refer below table for more clarification

 

Everyone (All Account)

Selected Account

Setting: Restrict entitlement for users who do not have a linked account

Access of request definition to user who do not have account linked to it

 

-

 

Visibility is depending on profile or permission   set configuration

 

-

False

Visibility is depending on profile or permission   set configuration

-

 

 

Not Visible.

-

 

False

Visibility is depending on profile or permission   set configuration

Note that these changes are applicable throughout the product where request definition entitlement is honored.

 

How to restrict the record access of the non-entitled service request

 

To add an icing on the cake, in addition to entitlement configuration, ability to restrict the access to service request is provided. To avail this functionality, administrators can select the checkbox Restrict access of service requests to users who do not have entitlement to the underlying SRDs from the Entitlement tab of request definition. As of now, this setting is available only for Remedyforce Console configuration option.

Once this setting is enabled and if the logged in user is not entitled to request definition, then created service request of the respective request definition will not be visible from Remedyforce Console and Analyst mobile application. However if the user tries to open the service request, an error message is displayed on Console and the Analyst mobile application.

 

Where the Remedyforce console configuration changes are applicable

 

After the entitlement configuration, logged in user will see only the entitled request definitions. The entitlement request definition is honored in the following areas.

  1. Remedyforce Console > Incident/Service Request > Request definition lookup field
  2. Remedyforce Console > Incident/Service Request > Typeahead result of request definition lookup field
  3. Analyst mobile application > Incident > Request definition lookup field (if this field is added in field set)

 

Considerations

 

  1. Any existing entitlement configuration prior to this release will be applicable only for Self Service, and it will be displayed on selecting Self Service option from Configure entitlement for.
  2. By default, all the request definitions will be visible to Remedyforce Console and the Analyst mobile application.
  3. Entitlement will not be applicable for any custom request definition lookup created on incident or service request form.

 

Settings applicable for this feature

 

  • To configure entitlement for Remedyforce Console and the analyst mobile application
    • Remedyforce Administration > Configure Application > Request definition > Entitlement tab of Request definition
  • To restrict the access of service request of non-entitled request definition > Select Remedyforce Console option in Configure entitlement for of Request definition record
    • Remedyforce Administration > Configure Application > Request definition
  • To restrict request definition for users who do not have a linked account
    • Remedyforce Administrator > application setting > General application setting > Restrict entitlement for users who do not have a linked account

 

References

 

Thank you for reading this blog. I look forward to hear your thoughts, feedback after using this feature, and any enhancement you would like to see around this feature. If you need further information, you can refer following links:

 

  1. https://docs.bmc.com/docs/display/remedyforcemaster/.Creating+and+configuring+an+SRD+v2019.02
  2. https://docs.bmc.com/docs/display/remedyforcemaster/.General+settings+for+Remedyforce+v2019.02
  3. https://communities.bmc.com/ideas/19469