1 Reply Latest reply on Nov 30, 2018 5:06 AM by Parag Ghanekar

    Multi-tenancy access conundrum

    Parag Ghanekar
      Share This:

      I am bad at explaining it but let me give it a try. Please feel free to ask for clarification if unsure.

       

      We have multiple companies/business units within the company.

      Unit/Company A serves external Partners. And all external user profiles are in  A . Unit A has multiple support groups 10+ who all collaborate to fix issues, meaning currently they all have Incident Master, & work order Master permissions, allowing them to see tickets in other support groups.

       

      Unit B is for internal support, containing support groups for IT, and dev.

      Unit C is for HR & also has multiple support groups.

       

      Main Company is X which contains all employee User profiles. Now i wish to allow users to submit tickets to IT & HR using DWP/MyIT/SRM this is not an issue as i can create global SRD's and also create entitlements but they should not have access to the tickets, within X.

       

      If i dont give people access to X, the problem is that because all employees belong to X even the IT and HR people cant search for the users to log the ticket against manually. So thats a no go, as they might have had a request over the phone that they need to log.

       

      Now the best option i can think of is to remove Incident Master permission from everyone, and just keep incident user permissions, while also adding all the support groups to the users in Unit A as associate member, and assignment availability = No. This way they can see the tickets assigned to Any support group within unit A. And same applies to people belonging to support groups of Unit B & C.

       

      Is there a better way of restricting people from looking at tickets. For example changing the permissions on the Incident/Work Order/Requests so the users can search for users and log incidents/work orders for X, but can not search /modify the tickets if they dont belong to the support group the ticket gets assigned to?

        • 1. Re: Multi-tenancy access conundrum
          Parag Ghanekar

          Never mind. I found a way around it.

          I have removed incident master permissions from all users and then created a Parent group for all support groups in A and added that as a associated group to all users with assignment set to NO. This means now i can give them access to the company x and not worry about visibility of tickets other than their own. under X.