Great! thanks. This is working if a user search based on the Incident ID, but when a user does an unqulified search this does bring in the that record which user suppose not to have access. Is any way I can restrict that.
Regards, Sugan ________________________________ From: "Brittain, Mark" <mbritt...@navisite.com> To: arslist@ARSLIST.ORG Sent: Thursday, February 26, 2009 9:30:26 PM Subject: Re: Data level Security ** I have something similar. First I assigned the Assignee Group as the only permission in the Request ID field. The I created a field with a ID of 112. Using your example, workflow on create places YYY in the 112 field. After that only members of the YYY group can see the ticket. If you are not a member of the group and search with the Request ID, you get a system message data does not exist on the server (or something like that). You can list multiple groups in the 112 field. This could be when company YYY and your coworkers need to see the tickets. You must select “Enable Multiple Assign Groups under the Server Information/Configuration. This should address your issue unless your report (button) is evoking and external program like crystal reports. Hope this helps. mjb ________________________________ From:Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG ] On Behalf Of Lyle Taylor Sent: Thursday, February 26, 2009 6:48 PM To: arslist@ARSLIST.ORG Subject: Re: Data level Security You could potentially use multitenancy to accomplish this. You would essentially create another company with a support group that corresponds to group YYY and add the users to that group. You would then add the new company to their list of Access Restrictions on the People form and make sure that people that shouldn’t see those tickets don’t have Unrestricted Access selected on their profile. In that case, access to tickets in that group would be limited to people that have the new company added to their access restrictions (or that have a role on that specific ticket), and it would not be possible for other people to report on that data unless they go to the database directly, because it would not be returned in search results. That’s a high-level view of it (sorry if it doesn’t make sense), but suffice it to say for now that I think you could probably accomplish what you need using OOB multitenancy functionality. It may not be as elegant and seamless as what you were trying to accomplish here, but should still be doable. Lyle From:Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG ] On Behalf Of Sugavanam K K Sent: Thursday, February 26, 2009 4:12 PM To: arslist@ARSLIST.ORG Subject: Data level Security ** Following is the Requirement which I received form my client, I need some help to put this into place: We have a group YYY which will be using Incident Management system to create tickets and tickets created by them should not be seen by the any other users of the system. Following is what i did I created a new Group called YYY and assigned members to it, also I created a "Opt cat" for them to use. If any user does a search on the incident form I have an active link to check if the user is of YYY group and the ticket has the "Opt Cat" value, if yes, I throw a message saying "you are not authorized to view this ticket" and hide all fields on the incident form. But, here is the problem, user was able to create report on this ticket using he in built reporting button on tne menu and view the details of the ticket. Please let me know is there any I can disable Reporting option only on this instance. Other Way - I did try to close the Incident form when they hit these tickets but system is giving a message asking if is it ok close the window with out saving the ticket, If I say Yes no issues and Incident form is closed, when I say no form is not closed and user still able to generate a report to see the information on the ticket. Please sugesst me some soulution to do this. -Sugan __Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are" html___ NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This e-mail is the property of NaviSite, Inc. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail, or the information contained herein, to anyone other than the intended recipient is prohibited. __Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are" html___ __Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are" html___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are"
