Configuring Request Offering Access

You can determine who can access and edit a request item when a request offering is published.

From the request offering Publish Action page, set access by organizational unit and location.

Request Offering Publish Action Page

A default location allows all locations to view and submit a service request.

A request offering owner always has full access to the service request, even if their location or organizational unit has none.

Only a Service Owner can edit a request offering, and must be included in the designated organizational unit and location.

Configuring Access Rights by User Properties

Administrators can configure access rights based on the user properties in the Configure Access workspace. These properties control the request offerings that are available to the Service Catalog users. After adding a property, the system updates the Publish Action Access tab of the request offering, which allows the usage of filters.

You can configure access to a request offering by multiple properties such as department, location, and organizational unit, or simply by department or team. Configuring access by team gives access rights to members of a specific team regardless of their department, organizational unit, or location.

Any rights or access added through this function are displayed on any new request offerings created after making the access changes. Rights assigned through this function appear, but should not affect the rights of existing request offerings. The owner of the request offering template retains all rights, regardless of the settings in the Configure Access workspace.

The examples below show how to add and configure team access, but you can add department or any other business object access based on your requirements. The example also depicts how request offerings may be impacted after the configurations are complete.

Configuring Relationships

To configure access rights, the Employee and Access business objects must contain relationships to the business object you use. By default, the system includes relationships to the Org Unit business object and the Location business object. The Org Unit filtering property is a default, and therefore cannot be deleted, nor can the Relationship change for this property.

You must manually add relationships to other business objects, such as Department, or Team to the Access business object. However, you must first check that the relationships to corresponding business objects are configured for the Employee and Access (ServiceReqTemplateEntityAccess) business objects. You may need to set up validation lists for a team or department before using them to configure user access rights. Ensure that you know the name of the validation list since it needs to be selected later.

The Edit Access Object and Edit Employee Object buttons in the Configure Access workspace take you directly to the Access and Employee business objects respectively. Click the Relationship tab to check the relationships or the Fields tab to check the default field settings. For information about creating validation lists, see Configuring the List Control.

After you have created the relationships, you can add the new access properties.

Configuring Access Rights

1.From the Configuration console, click Build > Self Service > Configure Access to open the Configure Access workspace.

The following toolbar buttons are displayed:

Configure Access Toolbar

2.Click Add Filtering Property to open the Create Filtering Property dialog box.

3.Enter information into the fields.

Field Description
Title The title displayed in the Configuration console and in the request offering on the Publish Action page.
Relationship The relationship configured on the business object that is used to filter access rights. For example, ServiceReqTemplateEntityAccessAssocDepartment or ServiceReqTemplateEntityAccessAssocStandardUserTeam.
Validation List The validation list required in the relationship that displays the values available. This option does not appear for relationships that do not require a validation list.
Employee relationship A relationship from the Employee business object. For example, DepartmentAssocProfileEmployee or StandardUserTeamAssociatedProfileEmployee.
Allow Multiple Selection Option selected to allow multi-select options in the associated validation list. Alternately, you can select only one option.  For example, if you use a validation list such as Department or Team, multiple departments or teams can be selected when configuring access. These global settings can later be changed from within the request offering.

4.Once the configuration is complete, set the request and offering permissions. These are default settings that apply to request offerings.

Request Permissions allow configured users to submit, edit, or cancel a service request based on a request offering template.

Offering Permissions allows configured users to edit, delete, or copy the service request based on a request offering template.

Field Description
Submit Users in this organizational node and location can submit a service request based on this offering.
Edit Users in this organizational node and location can modify a service request record based on this offering.
Cancel Users in the selected organization node and location can cancel a service request they submitted.
Delete Users can delete a service request record based on this offering.
Copy Users can duplicate the service request record based on this offering.

Only Service Owners can edit, delete, or copy a request offering.

5. You can edit, copy, or delete an existing access configuration (filtering property) by clicking the copy or delete icon.

6.Click Save.

Request offerings mirror the settings that you created through this function.

Edited Configure Access Page with Both Team and Department Added as Options

Request Offering Page Mirroring the Changes Made through the Configure Access Workspace

Example: Configuring Access for a Team

A company sets up access to certain service requests (request offerings) based on team membership. The Access business object is edited to be added as a configurable option in the Configure Access workspace.

1.Ensure that the Team relationship is available to the Employee business object.

a. From the Configure Access workspace, click Edit Employee Object.
b. Click the Fields tab.
c. Click Team to go to the Fields > Team workspace.
d. Ensure that Validated is checked and that the name of the pick list used is Team Of StandardUserTeam.
e. Click the Relationships tab.
f. Ensure that the Team relationship exists. The system displays it as ProfileEmployeeAssociatedByStandardUserTeam.

2.Ensure that the Team relationship is available to the Access business object.

a. From the Configure Access workspace, click Edit Access Object.
b. Click the Relationships tab.
c. Click Add new....
d. Click StandardUserTeam.
e. Copy the value in the Display Name field and paste it into the Internal Reference Name field. (Save this information as you will need it later when you select the team relationship for configuring access.)
f. Under This Business Object, click Zero or Many.
g. Under StandardUserTeam, click Zero or Many.
h. At the bottom of the page, click Add This Relationship.
i. Click Save.

3.Return to the Configure Access workspace to add the Team business object as a configuration.

a. Click Add Filtering Property.
b. Enter values in the Create Filtering Property dialog box.
c. Click OK.
d. Ensure that Team is listed as a filtering property in the Configure Access workspace.

4.Configure access for this filtering property.

a. Click Any to see the team list and select the teams that will have default access rights.
b. Set request offering permissions and offering permissions.

Setting the Organizational Unit Access

The organizational unit for a user is defined in the Employee record. Offerings defined for a specific node are also visible to their parent node. You can publish to a specific node excluding sub-trees.

1.Log in to Service Manager as a Service Owner.

2.Open a request offering.

3.Click the Publish Action tab.

4.Click the add icon at the bottom of the page.

Adding an Organizational Unit to a Request Offering

The Select Organizational Unit window opens.

5.Select the node for which to enable access. For example, select Marketing. Select Include Sub Tree to include the child nodes.

Selecting the Organizational Unit Node

Users with access to this example include Sales and Marketing, Administrators, and the Owner.

6.Click OK.

Example: Setting Access by Location

Setting access by location gives you flexibility and allows you to manage the request offering in finer detail.

The location is determined by the Location field in the Employee record.

The offering owner has access, irrespective of their location.

A default location gives access to all locations.

Users in a lower location level have access to the offering.

For example, define the following locations:

Defined Locations

The result will look as follows:

Access by Location

Select Locations Window

If North America is selected, then all users in North America, Canada, Mexico, and all child locations get access. Users in Europe will not have access to the request offering.

1.Log in to Service Manager as a Service Owner.

2.Open a request offering.

3.Click the Publish Action tab.

4.Click Default in the Location column next to the organizational unit to define.

Default Location

The Select Locations window opens.

5.Deselect Default, then select locations. For example, USA.

This enables access to all USA users, including users in child locations.

6.Click OK.

7.Set the status to published.

8.Click Save or Save & Exit.