6 Replies Latest reply on Jan 29, 2013 11:02 AM by Don Savant

    'on behalf of' and e-signature

    Don Savant
      Share:|

      When granting 'on behalf of' rights to a user or group, their ability to submit a request for someone else effectively removes the consideration of an e-signature coming from SRM.  While that is acceptable for most requests, there are some that should only be submitted by certain individuals.  It is true that the system captures both Requested By and Requested For but realistically, they shouldn't be able to submit the 'restricted' SRD at all.  And although approvals might work, they would also create unnecessary work for those who don't use 'on behalf of'.

       

      Bottom line: has anyone learned of a way to prevent 'on behalf of'' rights for a specific SRD?

        • 1. Re: 'on behalf of' and e-signature

          Hello,

          You can create entilement rule for specific SRD.

          You can use Advance Qualification Builder to build entitlement rule for specific SRD.

          Regards,

          Sachin

          • 2. Re: 'on behalf of' and e-signature
            Ashwanth Padmanabhan

            Are you saying that

             

            Person A is there who is accessible to Service A, Service B and Service C(may be after the entitlement rule)...he can request them these services...now there is a Person B who is acting on behalf of A now...and now you are saying that if Person B tries to submit lets say Service A on behalf of A he shouldnt be able to do that???

             

            and Service A you want to make sure that it can not be requested through On Behalf Of rule?? well then this can not be controlled through configuration..coz if you see on behalf of rule setting talks about who can act on behalf of whome but it dint allow you to capture or tell you on what?? if what would have been there you could always choose your srds...

             

            now how to do it...i am just thinking through customization if the user clicking request on behalf of link from the left side request entry it will open the OBO:On Behalf Of Console...if he has selected a person we need to set a flag that On Behalf of is Yes and commit back to parent form...and when he submits a SR...may be we can pass this flag to SRM:Request form and over there if we can define a filter saying that if On Behalf Of flag is True and the SRD name is this and this...you fire an error message saying that this SRD can not be requested through On Behalf Of should be requested only directly...something like that....

            • 3. Re: 'on behalf of' and e-signature
              Don Savant

              Thanks for the feedback Sachin, unfortunately this can’t be handled by an entitlement rule because OBO rights effectively override entitlement.  What we’re after is way to suppress the SRD from appearing in the catalog when the current user is in OBO mode.

              • 4. Re: 'on behalf of' and e-signature
                Don Savant

                Thanks for the feedback Ashwanth.  Here’s the scenario:

                 

                Service A is used by supervisors to on-board their staff.  The act of submitting the request indicates their approval, only they can submit to ensure it’s their “e-signature” authorizing the action.  But some supervisors, not all, have supporting staff with ‘on behalf of’ rights to the supervisor for many services.  We don’t want those staff to be able to submit Service A on behalf of the supervisor.

                 

                So basically I’m looking to override OBO rights on some SRDs and not others.  I was hoping to do this through configuration but don’t think it can be done, as you say.  Besides the customization option you provided, I could also see suppressing the SRD from ever displaying in OBO mode.  In other words, the Service Catalog would not display SRD’s what some new flag set (i.e. not available when OBO is active).

                • 5. Re: 'on behalf of' and e-signature
                  Vaibhav Wadekar

                  Hi,

                   

                  Did you looked at the defect # SW00431785

                   

                  The OOTB implementation of On Behalf Of (OBO) is such that when you elect to submit on behalf of another person, you are not only allowed to submit requests for them, but you can also see any other request/ticket they have submitted.

                  +++++++

                  1. DROP/BUILD BUG OCCURS IN (IF PRE-RELEASE)

                  SRM 7.6.04, sp1, sp2

                   

                  2. STEPS TO REPRODUCE:

                     a) create OBO rules

                      b) submit a request OBO

                   

                  3. ACTUAL RESULTS:

                  The OOTB implementation of On Behalf Of (OBO) is such that when you elect to submit on behalf of another person, you are not only allowed to submit requests for them, but you can also see any other request/ticket they have submitted.  This can and does include cases related to sensitive HR matters.  We require an implementation that permits the ability to submit and optimally the ability to view what you've submitted for that person, but not anything you did not submit yourself.

                   

                  4. EXPECTED RESULTS:

                  You should not see the open requests which was not submitted by OBO user

                  +++++++

                   

                  It is fixed in sp4 and the fix is

                   

                  1. Modified the set fields action in the active link SRS:SRC:OBO_RequestOBOFields_Set,  changing the value for field 'z1D_SRD_UserQual' from:

                   

                       ((((((("(( '1000000338' = " + """") + $z1G_RequestedFor(OBO)LoginID$) + """") + ") OR ( '1000000337' = ") + """") + $z1G_RequestedFor(OBO)LoginID$) + """") + "))"

                   

                  to:

                       ((((((("(( '1000000338' = " + """") + $z1G_RequestedFor(OBO)LoginID$) + """") + ") AND ( '1000000337' = ") + """") + $USER $) + """") + "))"

                   

                  This ensures that only those requests submitted by the logged in user for the OBO user will be listed.

                   

                  2. Modifed filter SRS:MTX:MetricsCalculate by replacing:

                   

                       OR ('Requested By Login ID' = $RequestedFor(OBO)LoginName$))

                  with

                        AND ('Requested By Login ID' = $Submitter$))

                   

                  for all qualifications used in the various set fields actions.

                   

                  This is to ensure that the counts/metrics are listed correctly in the Service Request Console for the OBO requests.

                   

                   

                  Hope this helps.

                   

                  Regards/Vaibhav

                  1 of 1 people found this helpful
                  • 6. Re: 'on behalf of' and e-signature
                    Don Savant

                    Thanks for the suggestion Vaibhav, this would certainly help once we figure out how to stop the sensitive SRDs from being available to the OBO user.  Thanks! - Don