Our Security Dept is using Service Desk and want to use Service Calls as a way of logging all Security related issues (you could call them incidents, but well) Because of the nature of those service calls, there might be confidential informtion that only security is allowed to see.
Is there a way of isolating such service calls so that they are only visible to security?
I was thinking about using a specific role and then i am not sure how to continue as special views/templates do not seem to isolate the records (still can be searched and opened)
I will need suggestions for both SD4.5 (this one is more important) and SC6.2
- an email enabled Service Call template. - The Service call template fills in automatically the folder we created for this. - a role which is the one to have access to see the Service Calls in that folder
But we are not able to give this role the permission to see this folder. Or the other roles the persmission to see everything, except this specific folder
If it is of any help, we have never used folders and this is the first one that has been created
I don't see the problem. Create a role for the secutity folder access. Only assign access rights for the role against the security folder. Only assign the role to the people that will deal with the security issues.
Be sure to assign the permissions for view and edit etc. at the folder level and not at the root level.
After you created the folder, check the other roles and make any roles that provided access at the root level are changed to provide access at the folder level.
You will need at a minimun 2 folders. One for security calls and ond for the other "general" calls .
You need to enable folder entitlements. Do this from the System panel - General settings. Then when you look at roles you will see that there are now folders for each of the items. One thing to note is that permissons on the root are inherited to the child folders. Therefore you will need to create 2 folders - 1 for security and one for "others" and then update all existing Service Calls so that the "Folder" attribute is set to the "Other" folder. Then change all non security roles so that they don't have root permission to Service Calls - only to the "other" folder. Then change the security role appropriate access to the security folder.
This is functionality is also available in SC6.2 but is called Mandentan. Effectively you add a query expression to the mandenten group that is appended to all queries that they run. For example you may create a group that for Interactions any access has a query added to it "and attribute is not 'Security' (where attribute is where you indicate what type it is.
Be also aware that in Service Desk 4.5 the servicedesk account can still see any data - as can anyone with the admin role. The folder restrictions are not applied if you use an ODBC connection to look at the data.
Apparently Service Manager 7.x will have both the Mandentan and Folders.