9 Replies Latest reply: Jun 26, 2009 4:20 PM by Purkka

Best Practice Managing Users in AR System

marcelo

I would like to know what the best practices are for managing users in the AR System.

 

Scenario:

Every day, I receive emails from our network admins about the LAN user accounts that have been deleted. I want to revoke access to the AR System without losing the Remedy tickets that they have entered, or tickets they have called in. Obviously, some of these people will be IT support staff and some will be regular users.

 

Questions:

1. If a user leaves the company, should I delete their AR System access via the “AR System Admin Console” or the “Application Admin Console”?

2. In the Application Admin Console, what is the difference between all the statuses? (Proposed, Enabled, Offline, Obsolete, Archive, Delete)

3. If I change a user’s status to Disabled via the “AR System Admin Console”, can they still log in via Remedy User Tool? Or can tickets be created with their ID in the "Requester" field?

4. Are there any whitepapers explaining user accounts?

 

Thank you,
Marcelo

  • 1. Re: Best Practice Managing Users in AR System
    Rakesh Jajper

    Hi Marcelo,

     

    I'd suggest that whenever you want to delete a user, you do it in this fashion:

     

    1. If you have installed ITSM, delete the user from the People form (Application Administration Console>Custom Configuration Tab>Foundation>People) by setting the status to "Delete".

        Make the user Non-Support Staff, remove all the permissions from the Application Permission area (Login/Access Details tab), and grant him a Read license.

        Otherwise, do it from the User form (AR System Administration Console).

    2. There are significant differences between all the Status values:

        Proposed: After creation and before enabling the user, an approval is required; during this time the user is in Proposed status.

        Enabled: Once the User gets approved it would be set as Enabled.

        Offline: If the user is unavailable for a certain duration, then we set it as Offline.

        Obsolete: Status value between Offline and Delete.

        Delete: If the User record is no longer required then set it as Delete.

     

    3. If we change the user to Disabled, they will still be able to log in to the system and they can create requests, because these conditions are not specified anywhere in the workflows.

     

     

    Regards,

    Rakesh

  • 2. Re: Best Practice Managing Users in AR System
    Björn Calabuig

    Marcelo,

     

    Administering users can be awful work and, as you say, every day you are receiving emails about deleting some of them, maybe also changing their organizational information, their support group information, etc.

     

    This can take up a good amount of your daily time.

     

    Maybe in your company, user information (organizational structure information) is managed via LDAP.

    If so, you would have a large amount of the work done in Remedy ITSM 7 by developing an integration between Remedy ITSM and LDAP.

     

    By developing some forms and workflow, you would be able to automatically populate this kind of information in the respective forms in ITSM7.

    Also, any change to a user's organizational information could be reflected in ITSM7.

     

    With such an integration, you could also maintain the organizational information itself (I mean, for example, when a new Company/Organization/Site is created in LDAP, this integration could create this information in ITSM7).

     

    You could also maintain specific Support Group information for users that are technicians (Support Group(s) the user belongs to, Notification language based on the Company he belongs to, License Type, ...).

     

    On the other hand, it must be said that the workflow to achieve this is not trivial. You'd have to take into consideration many factors and how deeply you want to integrate. For example, in your case, when a user doesn't exist any more in LDAP, you'd have to delete his information in many forms...

     

    And more complicated things:

    - when a Company changes its name in LDAP, you'd have to propagate the new name to all the users that belong to the old Company name

      (the same for a Site or Organization)

     

    - and... what if you have CIs in a CMDB, and a change in some organizational information in LDAP happens? Again, you'd have to propagate this change to all CIs also.

     

    As you can see, there are many benefits to integrating with LDAP and maybe, in the future, you could take this information into consideration.

     

    Kind Regards,

    Björn.

  • 3. Re: Best Practice Managing Users in AR System
    Purkka

    Björn, do you have such an LDAP integration, as you described, running in your environment?

     

    In ITSM7's latest patch, there is a wonderful improvement available: a Data Management Console has functionality for changing a user's login ID, updating organization changes and so forth. You no longer need to worry about where to update changed information.

     

    I recently planned an "automated foundation data updating solution" which will be developed during the first quarter of 2009.

     

    -matti-

  • 4. Re: Best Practice Managing Users in AR System
    Björn Calabuig

    Hi Purkka (matti),

    One of our customers has a "cut-down" version of this integration running.

     

    Every user change or organizational structure change is automatically refreshed in ITSM7.

    But, as of now, CIs are not integrated.

     

    The customer's environment info is:

     

    Windows Server 2003 Enterprise Edition with SP1
    SQL Server 2005 Enterprise Edition

    ARS 7.00.01 (patch 004)
    Assignment Engine
    CMDB 2.0.1  (patch 003)
    CI Viewer 7.0.1 (patch 005)
    Incident Management 7.0.02 (patch 005)
    IM+TMS AddOn 9002
    Problem Management 7.0.02 (patch 005)
    Mid-Tier (IIS6+New Atlanta+SDK1.4.2) (patch 004)
    Clients (Admin & User) (patch 004)
    Email Engine (patch 004)

     

    In my case, all user maintenance is done via LDAP and replicated to ITSM.

    Remedy administrators need only take care of specific people's information (Support Groups they belong to, License Types, Notification Language, ...).

     

    Regarding the Data Management Console you mentioned, it would be nice to see how it works!

     

    Best Regards,

    Björn.

  • 5. Re: Best Practice Managing Users in AR System
    Purkka

    Thanks a lot for that very interesting information.

     

    Have you faced such slowness (15-30 seconds response time) in your environment?

  • 6. Re: Best Practice Managing Users in AR System
    Rakesh Jajper

    Hi,

     

    Yes, we have also faced the same issue; then we adopted the steps which I wrote earlier.

    But if you are still facing the performance issue, you might have to increase the server's hardware configuration.

     

    Or apply the latest patch available for Incident Management. But I'm not sure it will work.

     

    Regards,

    Rakesh

  • 7. Re: Best Practice Managing Users in AR System
    Björn Calabuig

    Hello All,

    Yes, we have also had "bad moments".

     

    I forgot to say that the aforementioned customer runs its production server on VMware.

    ARS+DB+MidTier all running on the same machine.

     

    Users experienced delays most of the time when opening the Overview Console or Incident Management Console.

    Also when clicking on New Incident or Search Incident (from within Incident Management Console).

     

    We were able to solve the problem by increasing the number of CPUs assigned to the VMware virtual machine.

    Now it's running with 2 CPUs and 4 GB RAM.

     

    Kind Regards,

    Björn.

  • 8. Re: Best Practice Managing Users in AR System
    marcelo

    User form = ARS Users

    People form = ITSM
