Re: [Non-DoD Source] Re: Securing Sensitive WO Information
Another idea somewhat along the same lines is to use encryption via workflow. Using this one can use a encryption key for a record, and share that key with whoever they need to share it with, thus making it a little more flexible than hardcoded row-level or permission level lock. I have used this successfully. The drawback to this is if the submitter forgets the encryption key - however this drawback can be overcome by creating a small sub function that allows only the submitter of that row to reset the encryption key. The advantage of creating a reset for the encryption key is to also reset it when you want to stop sharing that row with users it has been previously shared with. This pretty much removes the drawback as well as adds a feature to the functionality. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Ingrey, Rosemary Sent: Wednesday, August 23, 2017 12:26 AM To: arslist@ARSLIST.ORG Subject: Re: [Non-DoD Source] Re: Securing Sensitive WO Information That's a really interesting idea! Thanks for sharing it. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Terry Bootsma Sent: Wednesday, 23 August 2017 6:28 AM To: arslist@ARSLIST.ORG Subject: Re: [Non-DoD Source] Re: Securing Sensitive WO Information While entry row-level access can do what you want, I've implemented something different that might meet your needs and you may want to think about. I've created a special type of Work Log (Secure Work Log) and only allowed users with certain permissions to view, report, etc. on this type of work log entry. This has the benefit of having people being able to interact with the application and entry (Incident/Change/Work Order) as a whole without the pain of hiding/unhiding/etc. the entry as it is passed between various groups. Any "secure" information needs to be put into the request via the "Secure Work Log" entry. This might work in your situation, based upon your requirements. Something to think about. Terry -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Rackley, James A CIV Sent: August-22-17 8:41 AM To: arslist@ARSLIST.ORG Subject: Re: [Non-DoD Source] Re: Securing Sensitive WO Information Roger is correct. Configuring multi-tenancy is not worth the ROI in this instance. Neither is Case Management. We were hoping for a simpler solution at the Support Group level. Regards, Jim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Roger Justice Sent: Friday, August 18, 2017 4:14 PM To: arslist@ARSLIST.ORG Subject: [Non-DoD Source] Re: Securing Sensitive WO Information ** His statement is specific Support Group not separate companies. -Original Message- From: Deepak Pathak To: arslist Sent: Fri, Aug 18, 2017 3:52 pm Subject: Re: Securing Sensitive WO Information ** I believe that feature is called Multi-Tenancy. On Fri, Aug 18, 2017 at 10:34 AM, Rackley, James A CIV wrote: Oh Mighty Brain Trust, What is the recommended method to ensure that users with Work Order permissions CANNOT see a specific subset of WOs via Global Search, WO Console, Overview, AR Reporting, Analytics, or Smart Reporting? Essentially, only users in a specific Support Group should be able to see anything at all about WOs assigned to this Support Group. Thanks in advance! Regards, Jim Rackley, PMP CGFIXIT Service Manager USCG, C4ITSC, Business Operations Division "You can't help everyone. But everyone can help someone." ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.arslist.org&d=DwMCa Q&c=0NKfg44GVknAU-XkWXjNxQ&r=iuYYqFqKHbSOeyo5LY9dkV5F4FpNAQQwkv53Lj1KZMQ&m=b hbd2MzApvpTGxeBSWoFc2I-6QzdkhsaQKFVVHfXFuY&s=Me9JYEPDXPdI2JMa6-H17FULCBbOSVM PpO-lnzyqdD8&e=> "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" Confidential comm
Re: [Non-DoD Source] Re: Securing Sensitive WO Information
That's a really interesting idea! Thanks for sharing it. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Terry Bootsma Sent: Wednesday, 23 August 2017 6:28 AM To: arslist@ARSLIST.ORG Subject: Re: [Non-DoD Source] Re: Securing Sensitive WO Information While entry row-level access can do what you want, I've implemented something different that might meet your needs and you may want to think about. I've created a special type of Work Log (Secure Work Log) and only allowed users with certain permissions to view, report, etc. on this type of work log entry. This has the benefit of having people being able to interact with the application and entry (Incident/Change/Work Order) as a whole without the pain of hiding/unhiding/etc. the entry as it is passed between various groups. Any "secure" information needs to be put into the request via the "Secure Work Log" entry. This might work in your situation, based upon your requirements. Something to think about. Terry -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Rackley, James A CIV Sent: August-22-17 8:41 AM To: arslist@ARSLIST.ORG Subject: Re: [Non-DoD Source] Re: Securing Sensitive WO Information Roger is correct. Configuring multi-tenancy is not worth the ROI in this instance. Neither is Case Management. We were hoping for a simpler solution at the Support Group level. Regards, Jim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Roger Justice Sent: Friday, August 18, 2017 4:14 PM To: arslist@ARSLIST.ORG Subject: [Non-DoD Source] Re: Securing Sensitive WO Information ** His statement is specific Support Group not separate companies. -Original Message- From: Deepak Pathak To: arslist Sent: Fri, Aug 18, 2017 3:52 pm Subject: Re: Securing Sensitive WO Information ** I believe that feature is called Multi-Tenancy. On Fri, Aug 18, 2017 at 10:34 AM, Rackley, James A CIV wrote: Oh Mighty Brain Trust, What is the recommended method to ensure that users with Work Order permissions CANNOT see a specific subset of WOs via Global Search, WO Console, Overview, AR Reporting, Analytics, or Smart Reporting? Essentially, only users in a specific Support Group should be able to see anything at all about WOs assigned to this Support Group. Thanks in advance! Regards, Jim Rackley, PMP CGFIXIT Service Manager USCG, C4ITSC, Business Operations Division "You can't help everyone. But everyone can help someone." ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.arslist.org&d=DwMCa Q&c=0NKfg44GVknAU-XkWXjNxQ&r=iuYYqFqKHbSOeyo5LY9dkV5F4FpNAQQwkv53Lj1KZMQ&m=b hbd2MzApvpTGxeBSWoFc2I-6QzdkhsaQKFVVHfXFuY&s=Me9JYEPDXPdI2JMa6-H17FULCBbOSVM PpO-lnzyqdD8&e=> "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" Confidential communication Westpac Banking Corporation (ABN 33 007 457 141) Westpac Institutional Bank is a division of Westpac Banking Corporation ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: [Non-DoD Source] Re: Securing Sensitive WO Information
While entry row-level access can do what you want, I've implemented something different that might meet your needs and you may want to think about. I've created a special type of Work Log (Secure Work Log) and only allowed users with certain permissions to view, report, etc. on this type of work log entry. This has the benefit of having people being able to interact with the application and entry (Incident/Change/Work Order) as a whole without the pain of hiding/unhiding/etc. the entry as it is passed between various groups. Any "secure" information needs to be put into the request via the "Secure Work Log" entry. This might work in your situation, based upon your requirements. Something to think about. Terry -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Rackley, James A CIV Sent: August-22-17 8:41 AM To: arslist@ARSLIST.ORG Subject: Re: [Non-DoD Source] Re: Securing Sensitive WO Information Roger is correct. Configuring multi-tenancy is not worth the ROI in this instance. Neither is Case Management. We were hoping for a simpler solution at the Support Group level. Regards, Jim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Roger Justice Sent: Friday, August 18, 2017 4:14 PM To: arslist@ARSLIST.ORG Subject: [Non-DoD Source] Re: Securing Sensitive WO Information ** His statement is specific Support Group not separate companies. -Original Message- From: Deepak Pathak To: arslist Sent: Fri, Aug 18, 2017 3:52 pm Subject: Re: Securing Sensitive WO Information ** I believe that feature is called Multi-Tenancy. On Fri, Aug 18, 2017 at 10:34 AM, Rackley, James A CIV wrote: Oh Mighty Brain Trust, What is the recommended method to ensure that users with Work Order permissions CANNOT see a specific subset of WOs via Global Search, WO Console, Overview, AR Reporting, Analytics, or Smart Reporting? Essentially, only users in a specific Support Group should be able to see anything at all about WOs assigned to this Support Group. Thanks in advance! Regards, Jim Rackley, PMP CGFIXIT Service Manager USCG, C4ITSC, Business Operations Division "You can't help everyone. But everyone can help someone." ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.arslist.org&d=DwMCa Q&c=0NKfg44GVknAU-XkWXjNxQ&r=iuYYqFqKHbSOeyo5LY9dkV5F4FpNAQQwkv53Lj1KZMQ&m=b hbd2MzApvpTGxeBSWoFc2I-6QzdkhsaQKFVVHfXFuY&s=Me9JYEPDXPdI2JMa6-H17FULCBbOSVM PpO-lnzyqdD8&e=> "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: [Non-DoD Source] Re: Securing Sensitive WO Information
Jim, Multitenancy if setup properly is not a huge overhead and allows you to take advantage of a lot of the out of box functionality. Most implementations I have see setup multitenancy as separate organizations the are using the ITSM suite as almost a internal hosted solution for multiple support organizations. Most of them have a bunch of flaws in their setup. My guess is that you have multiple support organizations under a single customer that is looking to segregate data (soc, service desk, application development, noc, ect.). The best way to do this is multitenancy. It doesn't require customization and is simple configurations. What a log of developers I have see do is customize a solution because they want to do this at the support group level. Cool just build customizations around the permission fields I believe they are 112 and 6969. When assigned to a certain group set those fields at execution 999 to whatever group id that support group is. Now do this for every backend form that is going to touch. I'll be interested to see what final solution you come up with. Brian -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Rackley, James A CIV Sent: Tuesday, August 22, 2017 8:41 AM To: arslist@ARSLIST.ORG Subject: Re: [Non-DoD Source] Re: Securing Sensitive WO Information Roger is correct. Configuring multi-tenancy is not worth the ROI in this instance. Neither is Case Management. We were hoping for a simpler solution at the Support Group level. Regards, Jim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Roger Justice Sent: Friday, August 18, 2017 4:14 PM To: arslist@ARSLIST.ORG Subject: [Non-DoD Source] Re: Securing Sensitive WO Information ** His statement is specific Support Group not separate companies. -Original Message- From: Deepak Pathak To: arslist Sent: Fri, Aug 18, 2017 3:52 pm Subject: Re: Securing Sensitive WO Information ** I believe that feature is called Multi-Tenancy. On Fri, Aug 18, 2017 at 10:34 AM, Rackley, James A CIV wrote: Oh Mighty Brain Trust, What is the recommended method to ensure that users with Work Order permissions CANNOT see a specific subset of WOs via Global Search, WO Console, Overview, AR Reporting, Analytics, or Smart Reporting? Essentially, only users in a specific Support Group should be able to see anything at all about WOs assigned to this Support Group. Thanks in advance! Regards, Jim Rackley, PMP CGFIXIT Service Manager USCG, C4ITSC, Business Operations Division "You can't help everyone. But everyone can help someone." ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.arslist.org&d=DwMCaQ&c=0NKfg44GVknAU-XkWXjNxQ&r=iuYYqFqKHbSOeyo5LY9dkV5F4FpNAQQwkv53Lj1KZMQ&m=bhbd2MzApvpTGxeBSWoFc2I-6QzdkhsaQKFVVHfXFuY&s=Me9JYEPDXPdI2JMa6-H17FULCBbOSVMPpO-lnzyqdD8&e=> "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" DISCLAIMER: The information contained in this e-mail and its attachments contain confidential information belonging to the sender, which is legally privileged. The information is intended only for the use of the recipient(s) named above. If you are not the intended recipient, you are notified that any disclosure, copying, distribution or action in reliance upon the contents of the information transmitted is strictly prohibited. If you have received this information in error, please delete it immediately. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: [Non-DoD Source] Re: Securing Sensitive WO Information
Roger is correct. Configuring multi-tenancy is not worth the ROI in this instance. Neither is Case Management. We were hoping for a simpler solution at the Support Group level. Regards, Jim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Roger Justice Sent: Friday, August 18, 2017 4:14 PM To: arslist@ARSLIST.ORG Subject: [Non-DoD Source] Re: Securing Sensitive WO Information ** His statement is specific Support Group not separate companies. -Original Message- From: Deepak Pathak To: arslist Sent: Fri, Aug 18, 2017 3:52 pm Subject: Re: Securing Sensitive WO Information ** I believe that feature is called Multi-Tenancy. On Fri, Aug 18, 2017 at 10:34 AM, Rackley, James A CIV wrote: Oh Mighty Brain Trust, What is the recommended method to ensure that users with Work Order permissions CANNOT see a specific subset of WOs via Global Search, WO Console, Overview, AR Reporting, Analytics, or Smart Reporting? Essentially, only users in a specific Support Group should be able to see anything at all about WOs assigned to this Support Group. Thanks in advance! Regards, Jim Rackley, PMP CGFIXIT Service Manager USCG, C4ITSC, Business Operations Division "You can't help everyone. But everyone can help someone." ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.arslist.org&d=DwMCaQ&c=0NKfg44GVknAU-XkWXjNxQ&r=iuYYqFqKHbSOeyo5LY9dkV5F4FpNAQQwkv53Lj1KZMQ&m=bhbd2MzApvpTGxeBSWoFc2I-6QzdkhsaQKFVVHfXFuY&s=Me9JYEPDXPdI2JMa6-H17FULCBbOSVMPpO-lnzyqdD8&e=> "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: [Non-DoD Source] Re: Securing Sensitive WO Information
I would think you could do this with a multi-tenancy setup. It should go across multiple platforms (analytics, smart reporting, ect). We have one customer with almost 300 companies setup for this very purpose. It works well. From: Action Request System discussion list(ARSList) on behalf of Rackley, James A CIV Sent: Friday, August 18, 2017 12:18:05 PM To: arslist@ARSLIST.ORG Subject: Re: [Non-DoD Source] Re: Securing Sensitive WO Information My apologies; we're running 9.1. Regards, Jim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Roger Justice Sent: Friday, August 18, 2017 12:03 PM To: arslist@ARSLIST.ORG Subject: [Non-DoD Source] Re: Securing Sensitive WO Information ** Please provide the release you are working on. There is nothing in the base capability to do this. -Original Message- From: Rackley, James A CIV To: arslist Sent: Fri, Aug 18, 2017 11:35 am Subject: Securing Sensitive WO Information Oh Mighty Brain Trust, What is the recommended method to ensure that users with Work Order permissions CANNOT see a specific subset of WOs via Global Search, WO Console, Overview, AR Reporting, Analytics, or Smart Reporting? Essentially, only users in a specific Support Group should be able to see anything at all about WOs assigned to this Support Group. Thanks in advance! Regards, Jim Rackley, PMP CGFIXIT Service Manager USCG, C4ITSC, Business Operations Division "You can't help everyone. But everyone can help someone." ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org<http://www.arslist.org> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.arslist.org&d=DwMCaQ&c=0NKfg44GVknAU-XkWXjNxQ&r=iuYYqFqKHbSOeyo5LY9dkV5F4FpNAQQwkv53Lj1KZMQ&m=bAlriophZgQ10jNadNjX_K1xVNNywYmVMeZkiA-bF6U&s=Q3XktB0m8kLLidxSkkieFz3zmk-_Ch6VDJn8GzA_2BU&e=> "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org<http://www.arslist.org> "Where the Answers Are, and have been for 20 years" DISCLAIMER: The information contained in this e-mail and its attachments contain confidential information belonging to the sender, which is legally privileged. The information is intended only for the use of the recipient(s) named above. If you are not the intended recipient, you are notified that any disclosure, copying, distribution or action in reliance upon the contents of the information transmitted is strictly prohibited. If you have received this information in error, please delete it immediately. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: [Non-DoD Source] Re: Securing Sensitive WO Information
My apologies; we're running 9.1. Regards, Jim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Roger Justice Sent: Friday, August 18, 2017 12:03 PM To: arslist@ARSLIST.ORG Subject: [Non-DoD Source] Re: Securing Sensitive WO Information ** Please provide the release you are working on. There is nothing in the base capability to do this. -Original Message- From: Rackley, James A CIV To: arslist Sent: Fri, Aug 18, 2017 11:35 am Subject: Securing Sensitive WO Information Oh Mighty Brain Trust, What is the recommended method to ensure that users with Work Order permissions CANNOT see a specific subset of WOs via Global Search, WO Console, Overview, AR Reporting, Analytics, or Smart Reporting? Essentially, only users in a specific Support Group should be able to see anything at all about WOs assigned to this Support Group. Thanks in advance! Regards, Jim Rackley, PMP CGFIXIT Service Manager USCG, C4ITSC, Business Operations Division "You can't help everyone. But everyone can help someone." ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.arslist.org&d=DwMCaQ&c=0NKfg44GVknAU-XkWXjNxQ&r=iuYYqFqKHbSOeyo5LY9dkV5F4FpNAQQwkv53Lj1KZMQ&m=bAlriophZgQ10jNadNjX_K1xVNNywYmVMeZkiA-bF6U&s=Q3XktB0m8kLLidxSkkieFz3zmk-_Ch6VDJn8GzA_2BU&e=> "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"