Hi,
Note that the Restricted Read license is applicapble in the new blue licenses
model. So if you are a really new customer and use this to access ITSM data,
you can not leverage the Restricted Read user.
The old green and old blue license models are still the same. And for custom
applications Restricted Read still works as you describe.
If you use Restricted Read you have to make sure that you do not allow updates
related to the submitted data. You can technically achieve this by submitting
in a different form and pushing it to the original record. This would be a
violation of the End User License Agreement.
Apart from the licensing aspects of Restricted Read, you have to program some
external mechanism to limit access for a specific end user to the records he
submitted. This could be a little complex and cause security issues.
Best Regards - Misi, RRR AB, http://www.rrr.se (ARSList MVP 2011)
Ask the Remedy Licensing Experts (Best R.O.I. Award at WWRUG10/11/12/13):
* RRR|License - Not enough Remedy licenses? Save money by optimizing.
* RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs.
Find these products, and many free tools and utilities, at http://rrr.se.
> Misi,
>
> I know that this is a bit of a different setting than the original post. What
> would you think about creating a single user account with a Read Restricted
> license? From what I've read, with proper server setup, those users could log
> in from different IP addresses, would still be able to submit (provided the
> form is set up to do so), but wouldn't be able to modify.
>
> --Dustin Fawver
>
> ITS Helpdesk
> East Tennessee State University
> 423-439-4648
> itsh...@etsu.edu
>
> ________________________________________
> From: Action Request System discussion list(ARSList) <arslist@ARSLIST.ORG> on
> behalf of Misi Mladoniczky <m...@rrr.se>
> Sent: Thursday, April 21, 2016 6:03 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: Remedy access from external internet sites?
>
> Hi,
>
> Apparently you would want to have some kind of registration process which
> identifies the user and verifies the email address. You need to store this
> somewhere. Either as a record in the user form, or somewhere else.
>
> Whenever a user logs in he needs to supply a password or use some other kind
> of SSO mechanism.
>
> You can build an AR External Authentication plugin, or leverage an existing
> one, to verify users that do not exist in the User-form. You would then give
> them a READ licenses, and given that you populate the Submitter fields with
> the users login name, he can update these records. You can then also use
> simple row-level access to make sure they only sees their personal records.
>
> If you want to give them access through Mid-Tier, through a third party
> solution or through your home grown thing, is up to you.
>
> If you are on version 9, the REST interface might be nice to work against.
>
> Best Regards - Misi, RRR AB, http://www.rrr.se (ARSList MVP 2011)
>
> Ask the Remedy Licensing Experts (Best R.O.I. Award at WWRUG10/11/12/13):
> * RRR|License - Not enough Remedy licenses? Save money by optimizing.
> * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs.
> Find these products, and many free tools and utilities, at http://rrr.se.
>
>> Hello!
>>
>> Have any of you got Remedy set up in a way that allows people who do not
>> exist
>> in the "User" form to submit and view requests via the web?
>>
>> We have a bespoke web-based Remedy system and currently only trained agents
>> are allowed to log calls, and it is currently all internal - although we do
>> have web services interacting with external systems and some basic web forms
>> which pass CSV data.
>>
>> We're looking to potentially allow anyone to report faults using a
>> simplified
>> version of the call-logging screen and for this to be more flexible and
>> scalable than the existing web forms integration.
>>
>> Questions:
>>
>> - One suggestions is using a third party app as a go-between,
>> between
>> Remedy and the outside world. Is that a recommended step? That would seem
>> to
>> be a duplication of effort (changes to the external form need to be
>> reflected
>> in the remedy form and vice versa)
>>
>> - What is the best way of allowing Joe Public to submit a request
>> and
>> subsequently be able to view that request? We wouldn't look for them to
>> exist
>> as a remedy on user, but we would want to store their email address and
>> check
>> that it is valid.
>>
>> - Are there any security issues to be aware of? I imagine this
>> could
>> be the question that stops us from moving forward on this one
>>
>> Any hints/tips/stories of success/failure gratefully received!
>>
>> Thanks
>> Isabel
>>
>>
>>
>> Glasgow - UK Council of the Year 2015
>>
>> ***Disclaimer****
>> This e-mail and any attachments are for the intended addressee(s) only and
>> may
>> contain confidential and/or privileged material. If you are not a named
>> addressee, do not use, retain or disclose such information. This email is
>> not
>> guaranteed to be free from viruses and does not bind Access in any contract
>> or
>> obligation.
>>
>> SERVICE GLASGOW LLP trading as ACCESS Registered in Scotland. No: SO301705
>> Registered Office: 220 High Street, Glasgow, G4 0QW
>>
>>
>> _______________________________________________________________________________
>> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
>> "Where the Answers Are, and have been for 20 years"
>>
>
> _______________________________________________________________________________
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>
> _______________________________________________________________________________
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"
