Hello,
I'm trying to setup our iTop instance (2.0.3) and I'm stuck with user permissions ...
There are two organizations Org1 and Org2, and about ~100 users. Users are organized in three groups:
technicians: 3 users
research: 3 different users.
general: all of them (100).
I want to allow all users to act as "Portal Users" so they can open requests and be assigned to technicians or researchers, depending on the service selected when opening the ticket.
Technician group should be able to receive requests and link them to affected CIs, disregarding the Org that owns the CI (technicians can see all CIs across orgs).
Researchers should be able to receive tickets and link them to CIs belonging to Org1. They must not see other CIs.
When configuring users, I can grant them roles and organizations, but I don't see how to grant a role in an organization and a different role in another organization.
Thnaks in advance!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In the current version of iTop, for the sake of simplicity (in other words: to keep things manageable), the "Profiles" (i.e. User roles) and Allowed Organizations (i.e. who can access which data) are "orthogonal". This means that a given user cannot have one role for Organization X and a different role for Organization Y.
All users can use the Portal interface, but users with the "Portal User" profile can use only the Portal interface (they are automatically redirected to it).
From what I understand, if you put no restrictions (empty list of "Allowed Organizations") to Technicians and a limit to Org1 for Researchers you should be close to what you are looking for...
Hope this helps
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Denis,
At this moment seems that the research group doesn't need access to CIs, so I think that we can operate with the two groups in the same Org and the researchers group granted with Service Desk Agent role.
In this scenario ... it's possible to assign to a different group (technician/researcher) depending on the service/subservice selected when opening the ticket? I've tried several configurations around service, delivery model, customer contracts ... but every SD ticket gets assigned to technician team. In a second step tech members can re-assign to other groups, but it's not desirable.
Edit: How does iTop the group assignation when I get emails with "assigned to XX group" ? It's based on reporter's Org ? or it depends on the service/subservice selected by the reporter?
Thx.
Last edit: Alex PL 2014-10-13
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Alex if i understand your ask : you look for how to disable reassign for technicien users???
if it is ur question i think u should modify the file in : Path of ITOP\env-production\itop-profiles-itil\model.itop-profiles-itil.php it contains all permission for all profile
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
I'm trying to setup our iTop instance (2.0.3) and I'm stuck with user permissions ...
There are two organizations Org1 and Org2, and about ~100 users. Users are organized in three groups:
technicians: 3 users
research: 3 different users.
general: all of them (100).
I want to allow all users to act as "Portal Users" so they can open requests and be assigned to technicians or researchers, depending on the service selected when opening the ticket.
Technician group should be able to receive requests and link them to affected CIs, disregarding the Org that owns the CI (technicians can see all CIs across orgs).
Researchers should be able to receive tickets and link them to CIs belonging to Org1. They must not see other CIs.
When configuring users, I can grant them roles and organizations, but I don't see how to grant a role in an organization and a different role in another organization.
Thnaks in advance!
Hi Alex,
In the current version of iTop, for the sake of simplicity (in other words: to keep things manageable), the "Profiles" (i.e. User roles) and Allowed Organizations (i.e. who can access which data) are "orthogonal". This means that a given user cannot have one role for Organization X and a different role for Organization Y.
All users can use the Portal interface, but users with the "Portal User" profile can use only the Portal interface (they are automatically redirected to it).
From what I understand, if you put no restrictions (empty list of "Allowed Organizations") to Technicians and a limit to Org1 for Researchers you should be close to what you are looking for...
Hope this helps
Hi Denis,
At this moment seems that the research group doesn't need access to CIs, so I think that we can operate with the two groups in the same Org and the researchers group granted with Service Desk Agent role.
In this scenario ... it's possible to assign to a different group (technician/researcher) depending on the service/subservice selected when opening the ticket? I've tried several configurations around service, delivery model, customer contracts ... but every SD ticket gets assigned to technician team. In a second step tech members can re-assign to other groups, but it's not desirable.
Edit: How does iTop the group assignation when I get emails with "assigned to XX group" ? It's based on reporter's Org ? or it depends on the service/subservice selected by the reporter?
Thx.
Last edit: Alex PL 2014-10-13
Hi Alex if i understand your ask : you look for how to disable reassign for technicien users???
if it is ur question i think u should modify the file in : Path of ITOP\env-production\itop-profiles-itil\model.itop-profiles-itil.php it contains all permission for all profile