The behavior of the OBO (On-Behalf-Of) permissions has changed in SRM 8.0. According to the documentation and after verifying by several tests the following behavior is implemented:
"Users acting on behalf of another user can only view requests that they submitted on behalf of that person, and not requests submitted by the user or requests submitted by others on behalf of the user."
There should be a new configurable OBO option to see requests of persons in the own company or organization or department. Or a feature like the "Alternate" for approvals should be implemented for SRM requests.
The same applies to MyIT.
Service Providers usually have several customers defined as companies in ITSM. The employees of those customers are not able to see the requests their colleagues from the same company have submitted. But this is a standard requirements, when Multi.Tenancy is used to serve external customer companies.
Security concerns seemed to bring this change to SRM implementation. Because of this I would prefer a configurable option instead of a hard-coded permission model.
Think about the following uses case.
"BestService" company is a service provider for several different customers. One of them is "ABC Corp."
Mr. Smith from customer company "ABC Corp." has submitted the original request (or has reported an issue) for himself, but then is not available for a period of time (illness, vacation, you name it).
Mrs. Miller from customer company "ABC Corp." is a colleague of Mr. Smith in the same department.
She is aware of the reported issue and is waiting for a solution (answer). But in her SRM console she will never be able to see the requests of Mr. Smith. Any request for information or update sent to Mr. Smith by the support staff at "BestService" using Work Info will only be visible in the console of Mr. Smith. But Mrs. Miller will never know about the communication, Support staff will receive no reaction and both sides are wondering about the status of the request. As it seems from the SRM perspective customers are looked at as individuals only and not as companies (or organizations or departments) as a whole.
At BMC support, when a user is entitled for the same support-id, he or she will be able to see all submitted requests. Why is such a feature not available in SRM 8.0 and above or in MyIT?