Good idea, Dan. I think I would lock it down further by doing what ITSM does - show the user's tickets in a table field, and restrict (if you wish) their ability to open the individual items from that in a Dialog only. Give them columns that show the Status and other basic info, and maybe a means to view the work log, if you want that exposed to the customer.
Rick On 11/19/07, Wangler, Dan <[EMAIL PROTECTED]> wrote: > > ** > > Janet > > > > We are faced with the same issue. We want an external facing web page but > we don't want users of that web page from accessing any one else's. An > aproach we are taking is to direct the customer to a control panel and > restrict what he can see through Active Links. We are still discussing how > we will allow the external to access the page, whether to punch wholes in > the firewall or use reverse proxy. But, the customer will have only one url > he can access and only after he logs ins (he will have to register with us > first). That web page will produce a control panel. Since the customer > logged in, we will show him only his tickets and, if he is part of a group, > tickets pertaining to his group. If he tries to view a ticket submitted by > someone else, it will fail our qualification and will produce no records. > > > > > > Hope this gives you some idea. > > > > Dan > > Dan Wangler, Team Lead, STARS Group > > Phone: 214-567-8304; email: [EMAIL PROTECTED] > > Client/Server Services, IT Opeations > > Texas Instruments, Inc. > > 6500 Chase Oaks Blvd., MS 8401 > > Plano, Texas, 75023 > > > ------------------------------ > > *From:* Action Request System discussion list(ARSList) [mailto: > [EMAIL PROTECTED] *On Behalf Of *Mahan, Janet L [EQ] > *Sent:* Monday, November 19, 2007 8:47 AM > *To:* arslist@ARSLIST.ORG > *Subject:* External customers viewing tickets > > > > I would like to hear how others have reduced the risk of customers being > able to see another customer's records in Remedy. We have external > customers that are wanting to view their tickets and related information. > One large customer has various departments that it wants to see only their > departments information while the IT group sees tickets for the entire > company. I thought I had this locked down with filters on the customer and > site name but someone found a hole by doing a partial search. I have fixed > that issue but now I am tasked to find the Best Practice for allowing > customers to view tickets. Any suggestions are appreciated. > > Janet Mahan > Network Systems Administrator II > EMBARQ > > Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax: 941-766-6199 > Email: [EMAIL PROTECTED] > > Voice | Data | Internet | Wireless | Entertainment > > This e-mail is the property of EMBARQ and may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. If > you are not the intended recipient (or authorized to receive for the > recipient), please contact the sender and delete all copies of the message. > > > __20060125_______________________This posting was submitted with HTML in > it___ __20060125_______________________This posting was submitted with HTML > in it___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
