How to restrict access to some Service Catalog item from the Fulfiller interface ?

Adil AZ · ‎09-09-2020

Hi Team,

How can i restrict access to some service catalog item (the both SCTASK and RITM) in order to be visible only by some fulfillers and not by all Fulfillers ?

Because there are some confidential request, and it shouldn't be visible by all fulfillers, even when searching by the ID Task or ID Request Item.

I know that we can restrict access of some Service Catalog item from the Service Portal by using the " Available for " or by using user criteria, but it is operational just for end-user when he well access to the Service Portal. However, my target is to secure access to some service catalog item after creating it by the end-user, juste some fulfillers or some assignment groups that can access to these SCTASK and their REQ, RITM

Thanks a lot for your help, i'm at your disposal for any further information.

Adil AZ · ‎07-26-2022

I've resolved this by using a business rules, because the form should be visible by all users, just the records created that shouldn't be visible by some fulfillers.

Thanks a lot

View solution in original post

Allen Andreas · ‎09-09-2020

Hi,

If you don't mind, can you elaborate a bit more on this statement you said: "I know that we can restrict access of some Service Catalog item from the Service Portal by using the " Available for " or by using user criteria, but it is operational just for end-user when he well access to the Service Portal."

Using the user criteria/available for will work for any user that you set that to. Not just "end-users". You can use this same approach to hide catalog items from various users like ITIL, etc. I've had cases where only the service desk (so some ITIL users, but not all) could only access a catalog item. So it's not just for end-users, have you tried?

This works for back-end UI and portal.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Allen Andreas · ‎10-01-2020

Hi,

I just wanted to check-in on this. If my reply above helped guide you correctly, if you don't mind, please mark it as Helpful & Correct.

Thank you!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Adil AZ · ‎09-09-2020

Hi @Allen A

Thank you for your answer.

Yes i've done a test. We're OK that the forms used to create a new request for this service catalog item won't be available in back-end UI and portal for this specific Fulfiller, but he can still access to the service catalog application, and check all new requests created by the end-users regarding this specific catalog item, even if this item isn't avalaible for him, and logically he shouldn't see these new requests, because it contain a confidential and sensetive data.

I hope that i've explained more my current issue, i'm wondering if it's possible to stop also seeing the requests created from one Service Catalog item not available for this fulfiller to use.

Best regards

Allen Andreas · ‎09-09-2020

Ah, ok. I understand.

You're talking about the records created after the fact and not just the catalog item itself.

Sorry.

Ok, for that...you'd need to look at your "read" ACLs for both the sc_req_item table and the sc_task table and for current read ACLs, you'd need to set additional conditions that those don't pertain to catalog item = 'x'. So you'd have those current read ACLs in effect only if the current catalog item != 'x'.

Then create a new read ACL (1 for the sc_req_item table and 1 for the sc_task) table and set the condition that the catalog item DOES = 'x' and then set your roles accordingly as to who can see it.

So basically...you have to revoke or take away current read access that they have and then issue read access to only people you want to see it.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!