The access model is to grant access by accounts, profiles, and permission sets. Profiles and permission sets offer adequate flexibility to grant access.
While Profiles are indeed an option for managing access to Request Definitions, we use the out of the box profiles of Service Desk Client and Service Desk Staff for all employees, so we do not have specific profiles for each department. I would prefer to avoid maintaining a large number of custom profiles since they are not automatically updated with Remedyforce releases.
Is there a straightforward method for managing permission set management based on a User record attribute such as the Department field? Or would it require an involved Flow process to add or remove staff from different sets when this value changes?
Does this mean there is no current way to configure Account membership dynamically and it must be managed manually?
1 of 1 people found this helpful
We use custom permission sets for this. We just create empty permission sets, title them accordingly (Audit, Equipment Return, Vulnerability Action, etc..) assign them to the folks we want to have permissions to the requests in question and then set the entitlements on the Request Definition. It works for us but I do wish we could set by Queue or Cost Center.
Hope that helps.
That seems like a sensible way to manage who can access different requests, thank you for the suggestion. I take it you have to manually maintain membership in each of these permission sets, correct?
Yes, that is correct. Would be nice to have a note field on each Queue where we add and remove members. We could put reminders on things like this so we don't forget.