You can create entilement rule for specific SRD.
You can use Advance Qualification Builder to build entitlement rule for specific SRD.
Are you saying that
Person A is there who is accessible to Service A, Service B and Service C(may be after the entitlement rule)...he can request them these services...now there is a Person B who is acting on behalf of A now...and now you are saying that if Person B tries to submit lets say Service A on behalf of A he shouldnt be able to do that???
and Service A you want to make sure that it can not be requested through On Behalf Of rule?? well then this can not be controlled through configuration..coz if you see on behalf of rule setting talks about who can act on behalf of whome but it dint allow you to capture or tell you on what?? if what would have been there you could always choose your srds...
now how to do it...i am just thinking through customization if the user clicking request on behalf of link from the left side request entry it will open the OBO:On Behalf Of Console...if he has selected a person we need to set a flag that On Behalf of is Yes and commit back to parent form...and when he submits a SR...may be we can pass this flag to SRM:Request form and over there if we can define a filter saying that if On Behalf Of flag is True and the SRD name is this and this...you fire an error message saying that this SRD can not be requested through On Behalf Of should be requested only directly...something like that....
Thanks for the feedback Sachin, unfortunately this can’t be handled by an entitlement rule because OBO rights effectively override entitlement. What we’re after is way to suppress the SRD from appearing in the catalog when the current user is in OBO mode.
Thanks for the feedback Ashwanth. Here’s the scenario:
Service A is used by supervisors to on-board their staff. The act of submitting the request indicates their approval, only they can submit to ensure it’s their “e-signature” authorizing the action. But some supervisors, not all, have supporting staff with ‘on behalf of’ rights to the supervisor for many services. We don’t want those staff to be able to submit Service A on behalf of the supervisor.
So basically I’m looking to override OBO rights on some SRDs and not others. I was hoping to do this through configuration but don’t think it can be done, as you say. Besides the customization option you provided, I could also see suppressing the SRD from ever displaying in OBO mode. In other words, the Service Catalog would not display SRD’s what some new flag set (i.e. not available when OBO is active).
1 of 1 people found this helpful
Did you looked at the defect # SW00431785
The OOTB implementation of On Behalf Of (OBO) is such that when you elect to submit on behalf of another person, you are not only allowed to submit requests for them, but you can also see any other request/ticket they have submitted.
1. DROP/BUILD BUG OCCURS IN (IF PRE-RELEASE)
SRM 7.6.04, sp1, sp2
2. STEPS TO REPRODUCE:
a) create OBO rules
b) submit a request OBO
3. ACTUAL RESULTS:
The OOTB implementation of On Behalf Of (OBO) is such that when you elect to submit on behalf of another person, you are not only allowed to submit requests for them, but you can also see any other request/ticket they have submitted. This can and does include cases related to sensitive HR matters. We require an implementation that permits the ability to submit and optimally the ability to view what you've submitted for that person, but not anything you did not submit yourself.
4. EXPECTED RESULTS:
You should not see the open requests which was not submitted by OBO user
It is fixed in sp4 and the fix is
1. Modified the set fields action in the active link SRS:SRC:OBO_RequestOBOFields_Set, changing the value for field 'z1D_SRD_UserQual' from:
((((((("(( '1000000338' = " + """") + $z1G_RequestedFor(OBO)LoginID$) + """") + ") OR ( '1000000337' = ") + """") + $z1G_RequestedFor(OBO)LoginID$) + """") + "))"
((((((("(( '1000000338' = " + """") + $z1G_RequestedFor(OBO)LoginID$) + """") + ") AND ( '1000000337' = ") + """") + $USER $) + """") + "))"
This ensures that only those requests submitted by the logged in user for the OBO user will be listed.
2. Modifed filter SRS:MTX:MetricsCalculate by replacing:
OR ('Requested By Login ID' = $RequestedFor(OBO)LoginName$))
AND ('Requested By Login ID' = $Submitter$))
for all qualifications used in the various set fields actions.
This is to ensure that the counts/metrics are listed correctly in the Service Request Console for the OBO requests.
Hope this helps.
Thanks for the suggestion Vaibhav, this would certainly help once we figure out how to stop the sensitive SRDs from being available to the OBO user. Thanks! - Don