ServiceGrid Article - Permissions
This article is only valid for the ServiceDesk Application SD².
ServiceDesk (SD²) Permissions
Permissions is the central point for defining and maintaining all permission related topics for the ServiceDesk Application (SD²). Permissions is structured into seven topics as follows:
- Password policy: Defines the password policy of the company.
- Roles: Shows the roles a company has.
- Products and Permissions: Defines the product and function access for all permission groups.
- Setup Choice: Defines which setups the permission groups are allowed to use (Matrix administration).
- Permission Groups: Defines which setups the permission groups are allowed to use (List administration).
- Portals Access: Parameters for other portals.
- HelpPages: For administrating customized help content.
ServiceDesk Permission groups
Access to each ServiceDesk module of the Cisco ServiceGrid application can be restricted on permission group basis. The access to modules, functions, and setups are defined through permission groups.
Users and permission groups
- Each user is a member of one PermissionGroup.
- Each user of the application has a login and password.
Users and organizations
- Each user is a member of one or many organizations.
- Each user sees only data of its assigned organization(s).
To design a permission concept, up to 30 permission groups, structured into 6 permission group types can be used:
- NoLogin (NL)
- EndUser (EU)
- ServiceDesk (SD)
- ServiceSupport (SUP)
- Administrator (ADM)
- SuperUser (SU)
- System (SYS)
All available permission groups are listed in the CommonContent dictionary.
|NoLogin (NL)||NoLogin are all users having no login to the SolveDirect application. They can only be assigned as caller or as contact person. One permission group with the NoLogin (NL) type is provided.|
|EndUser (EU)||EndUsers are users which may be referenced to a call as caller or contact person. EndUsers can have a login and password, but are allowed to see their own call data only. This means they cannot access calls from other people of the same organization they belong to. Up to six different end-user permission groups (EU) can be defined.|
|ServiceDesk (SD)||Service desk users are persons who are active participants in the service process as service desk, helpdesk (1st level). Service desk users usually have a login and password. Up to ten different ServiceDesk (SD) permission groups can be defined.|
| ServiceSupport (SUP)||ServiceSupport users are all persons who are active participants in the service process as 2nd evel technician or 3rd level technician. Service Support users usually have a login/password. Up to ten different ServiceSupport (SUP) permission groups can be defined.|
|Administrator (AD)||Administrators are all users which administrate the Cisco ServiceGrid application. Administrator has extended right to edit the basic data and to edit the customized system. For example, Create new user, Change the PermissionGroups of a user . One permission group for administrators (AD) is provided.|
|SuperUser (SU)||Super user is only used by the implementer. All the super users have the right right for customizing the whole company including the common content. One permission group for super users (SUI) is provided.|
|System (SYS)||The System user is only used to connect to other systems. One permission group for system users (SUI) is provided.|
The password policy ensures that passwords should be generated and managed according to a defined standard. The password policy contains rules for format, content, and the duration of validity of passwords:
- The access to the Cisco ServiceGrid platform is only granted for authorized users.
- All authorized users should be defined through a user record in the Cisco ServiceGrid database and should have a unique login name and password.
- Each user has only access to the company (account) data of the company she/he is a member of.
- Only administrators can create new user records, or disable an existing user.
- Membership (queues, levels) and permissions (login, password) of users are managed by the administrators only.
- After the application has not been used by the user for a certain period of time (30 minutes), the session will be automatically closed and the user must login again.
The following options can be set:
- MinPasswordLength: (Minimum Password Length): Minimum amount of characters used for the password.
- MaxPasswordLength (Maximum Password Length): Maximum amount of characters used for the password.
- MaxWrongPasswordAttempts (Maximum Number of wrong Password attempts): How often a wrong password can be entered unless the user login is locked.
- PasswordHistoryLength (Password History Length): The password history length defines which of the previous passwords can be used again.
- MinPasswordChangeIntervalHours (Minimum Password Change Interval in Hours): The change interval defines how often a password can be changed within the defined hours. PasswordDurationDays (Password Duration in Days): How long a password is valid until it has to be renewed.
- MustUseCapitalFlag (Must Use Capitals): Defines if capitals should be used in the password.
- MustUseDigitFlag (Must Use Digits): Defines if digits should be used in the password.
Exception for Administrators
- DisablePasswordHistoryFlag: Allows the administrator to reuse previous passwords which would be denied because of the PasswordHistoryLenght.
- DisableMinPasswordChange/IntervalHoursFlag: (Disable Minimum Password Change Interval in Hours). This is important to set, otherwise only the administrator will be able to change the password in Minimum Password Change Interval in Hours.
To change the password policy settings, use the Change master data function.
The Roles function shows which roles are currently used by the selected company. In most cases, both the Service Customer and the Service Provider will be present. This definition can only be changed by a super user.
Products and Permissions
Before the modules of the Cisco serviceGrid platform can be customized, they must be activated for the selected company (performed by Cisco ServiceGrid). If you require modules which are not listed inside of Product and Permissions of your company please contact Cisco ServiceGrid. Therefore, three different ways of restrictions can be performed inside of the Cisco ServiceGrid solution module:
- Module Permissions: Define if a permission group is allowed to view, read, or write the modules.
- Function Permissions: Define if a permission group is allowed to use the functions of the modules.
- Setups and setup permissions: Define which list and detail setup a permission group has to use and which information they can view, read, or edit.
NOTE: From the start, all permission groups are denied to use any of the available modules. To be able to use the Cisco ServiceGrid platform, you have to switch on the access for all required modules to make the system work for your users.
The Cisco ServiceGrid modules can be activated and deactivated for all permission groups individually.
- Use the product permissions located inside the BasicData.
Choose BasicData > MyCompany > Company name > Permissions > Product and Permissions > Select a permission group
- Select a set of permission groups to switch to the matrix edit mode
- Change ADM & SYS; Change all SUP; Change all SD; Change all EU
A drop-down list allows setting the read/write/hide access of a module (for each permission group separately). Three different access options are available as follows:
- Hide: Denies the permission group to access the module. The module will not be shown to the user/permission group at all.
- Read: Allows the permission group to view the module.
- Write: Allows the permission group to view and write the module.
Each module of the platform is represented with an own table.
- Don not forget to activate the Top module to give a user the right to access Help and its own data, and to leave the system by hitting the log out button.
- Select and deselect the functions of a module by using the provided flags.
- If you get lost inside a matrix, keep the mouse arrow over a check box, to be informed through a mouse-over popup information.
- Press the Save button at the page bottom to perform the changes.
NOTE: Giving a group writing permissions for BasicData allows the assigned users not only to edit, read, and delete the data. It also allows them to change the whole customized system.
Tip: When you deactivate the MyCompany function for users maintaining the master data, they will not be able to access the customizing data.
Tip: Activate the Top module to give a user the right to access Help and its own data, and to leave the system by hitting the log out button.
Tip: Read/'Write, Allowed/Denied, and setups allow various combinations of how the Cisco ServiceGrid platform can be accessed by its users (permission groups).
The functions of a module (For example, Overview, Solutions, New Call by Caller, and so on) can be activated and deactivated for all permission groups individually.
- The module functions can be activated/deactivated for all permission groups individually.
Therefore, use the product permissions located in the BasicData.
- Choose BasicData > MyCompany > Company name > Permissions > Product and Permissions > Select a permission group.
- Select a set of permission groups to switch to the edit mode.
- Change ADM & SYS; Change all SUP; Change all SD; Change all EU.
- A check box allows a permission group to access this function.
- When you check the check box, Overview function is available.
- When you uncheck the check box, Overview function is not available.
- Press the Save button to write the changes. With the next login the changes become active.
PermissionGroups is an alternative way to Setup Choice for assigning a setup to permission groups. This function is especially useful when dealing with a great amount of setups (very large customized systems).
- By default, only used permission groups will be shown.
- Delete the value of the filter field UserCount to see all permission groups (including the currently unused groups).
- Click a permission group to see a list with all the assigned setups.
- Click Change Setup Choice to change the assigned setups.
- Check the first checkbox to assign the setup to the currently chosen permission group.
- Check the Default checkbox to define a setup as default setup.
Tip: Default setups will be shown as first setup when a list or detail is used. Be careful to define only one setup as default per section and permissions where setups are used.
Portals is used to define the access settings to other portals. For more information about portals, contact Cisco ServiceGrid.
All customers have access to the standard Cisco ServiceGrid Help pages through the Help button. If needed, this Help button can be customized to direct the users to the following:
- A wikipage with own content or
- To an external webpage.
Additionally, for each permission group, help content or external links can be defined (and mixed as well). For more information on how to customize an own wiki system with own content, refer to the SD.Dialog Wiki document.
For a complete list of Cisco ServiceGrid Articles, go to the List of Articles page.