Thanks for the quick response. This is basically what I have been doing except just allowing them to login to the mid-tier instead of a separate web page. The question my manager is asking is how fool-proof is it that they can see only their tickets. And I can't think of any way to make it mistake proof, if I leave out a qualification then they can see tickets they should not. I wanted to make sure there wasn't a mistake proof way out there I was not aware of. Do you think it is better to direct them to a web page outside of the mid-tier that displays the information from Remedy?
Janet Mahan Network Systems Administrator II EMBARQ Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax: 941-766-6199 Email: [EMAIL PROTECTED] Voice | Data | Internet | Wireless | Entertainment This e-mail is the property of EMBARQ and may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender and delete all copies of the message. ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Wangler, Dan Sent: Monday, November 19, 2007 2:43 PM To: arslist@ARSLIST.ORG Subject: Re: External customers viewing tickets ** Rick This is basically what we are proposing. The customer will see his tickets or his groups tickets in a table field. Click on it to open a display only form to show him what we want him to see. Give him the same form if he wants to submit a ticket and also provide a customer survey display only form for him. Active Links would push/pull information to/from our main forms to the display only forms. That way we control what he sees. Dan Dan Wangler, Team Lead, STARS Group Phone: 214-567-8304; email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> Client/Server Services, IT Opeations Texas Instruments, Inc. 6500 Chase Oaks Blvd., MS 8401 Plano, Texas, 75023 ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Rick Cook Sent: Monday, November 19, 2007 1:37 PM To: arslist@ARSLIST.ORG Subject: Re: External customers viewing tickets ** Good idea, Dan. I think I would lock it down further by doing what ITSM does - show the user's tickets in a table field, and restrict (if you wish) their ability to open the individual items from that in a Dialog only. Give them columns that show the Status and other basic info, and maybe a means to view the work log, if you want that exposed to the customer. Rick On 11/19/07, Wangler, Dan <[EMAIL PROTECTED]> wrote: ** Janet We are faced with the same issue. We want an external facing web page but we don't want users of that web page from accessing any one else's. An aproach we are taking is to direct the customer to a control panel and restrict what he can see through Active Links. We are still discussing how we will allow the external to access the page, whether to punch wholes in the firewall or use reverse proxy. But, the customer will have only one url he can access and only after he logs ins (he will have to register with us first). That web page will produce a control panel. Since the customer logged in, we will show him only his tickets and, if he is part of a group, tickets pertaining to his group. If he tries to view a ticket submitted by someone else, it will fail our qualification and will produce no records. Hope this gives you some idea. Dan Dan Wangler, Team Lead, STARS Group Phone: 214-567-8304; email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> Client/Server Services, IT Opeations Texas Instruments, Inc. 6500 Chase Oaks Blvd., MS 8401 Plano , Texas, 75023 ________________________________ From: Action Request System discussion list(ARSList) [mailto: [EMAIL PROTECTED] On Behalf Of Mahan, Janet L [EQ] Sent: Monday, November 19, 2007 8:47 AM To: arslist@ARSLIST.ORG Subject: External customers viewing tickets I would like to hear how others have reduced the risk of customers being able to see another customer's records in Remedy. We have external customers that are wanting to view their tickets and related information. One large customer has various departments that it wants to see only their departments information while the IT group sees tickets for the entire company. I thought I had this locked down with filters on the customer and site name but someone found a hole by doing a partial search. I have fixed that issue but now I am tasked to find the Best Practice for allowing customers to view tickets. Any suggestions are appreciated. Janet Mahan Network Systems Administrator II EMBARQ Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax: 941-766-6199 Email: [EMAIL PROTECTED] Voice | Data | Internet | Wireless | Entertainment This e-mail is the property of EMBARQ and may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender and delete all copies of the message. __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"