5 Replies Latest reply on Aug 6, 2020 4:12 PM by John Wisdom

    Dynamic membership for Accounts

    Chris Troyer
      Share This:

      Greetings,

       

      As we add more Request Definitions to our self service portal there are some we would like to restrict. Remedyforce permits you to grant access based on Accounts and Profiles. Is it possible to control Account membership dynamically, such as based on the Department field on a user profile, e.g. all users in the Human Resources department are automatically members of the Human Resources account?

       

      I have not seen an obvious way to accomplish this in Remedyforce Administration. I am not keen on manually updating group memberships when employees move around the organization.

       

      Thank you,

       

      Chris

        • 1. Re: Dynamic membership for Accounts
          Nikhil Deshpande

          The access model is to grant access by accounts, profiles, and permission sets. Profiles and permission sets offer adequate flexibility to grant access.

          • 2. Re: Dynamic membership for Accounts
            Chris Troyer

            Hello Nikhil,

             

            While Profiles are indeed an option for managing access to Request Definitions, we use the out of the box profiles of Service Desk Client and Service Desk Staff for all employees, so we do not have specific profiles for each department. I would prefer to avoid maintaining a large number of custom profiles since they are not automatically updated with Remedyforce releases.

             

            Is there a straightforward method for managing permission set management based on a User record attribute such as the Department field? Or would it require an involved Flow process to add or remove staff from different sets when this value changes?

             

            Does this mean there is no current way to configure Account membership dynamically and it must be managed manually?

             

            Thank you,

            Chris

            • 3. Re: Dynamic membership for Accounts
              John Wisdom

              We use custom permission sets for this. We just create empty permission sets, title them accordingly (Audit, Equipment Return, Vulnerability Action, etc..) assign them to the folks we want to have permissions to the requests in question and then set the entitlements on the Request Definition. It works for us but I do wish we could set by Queue or Cost Center.

               

              Hope that helps.

              1 of 1 people found this helpful
              • 4. Re: Dynamic membership for Accounts
                Chris Troyer

                Hi John,

                 

                That seems like a sensible way to manage who can access different requests, thank you for the suggestion. I take it you have to manually maintain membership in each of these permission sets, correct?

                • 5. Re: Dynamic membership for Accounts
                  John Wisdom

                  Hello Chris

                   

                  Yes, that is correct. Would be nice to have a note field on each Queue where we add and remove members. We could put reminders on things like this so we don't forget.

                   

                  Good luck.