Assigning organizational unit permissions

To enable a user to view, edit, or delete tickets that all belong to the same organizational unit, you can configure a field as an organizational unit for a contact in the address book and assign appropriate container role permissions. For information about setting a field as an organizational unit for a contact, see To configure a contact item.

Setting a field as an organizational unit is useful when supervisors want to view or update all the tickets created by users of their department. It saves time because users with the same organizational unit can implement a resolution or respond to a customer for all tickets of their organizational unit without a delay. After you set a field as an organizational unit in the container role, you can configure the View, Edit, and Delete item permissions for the organizational unit.

For example, you have created a field named Company in both workspace tickets and address book contacts. For user John Smith, the field Company is set as an organizational unit in his contact record, with the value Calbro Services. You have configured a Ticket/Contact relationship between the workspace and the address book. This relationship enables John to view all the tickets in the linked container that have the value Calbro Services in the Company field.

The following topics are provided:

Key considerations

  • By default, the View, Edit, and Delete permissions are set to No for the agent and customer roles. However, you can assign these permissions to the agents and customers. You cannot assign organizational unit permissions for the Guest role.
  • You can assign the organizational unit permissions for:
    • ticket items in workspaces
    • all items in CMDB
    • for all the items except work targets in Service Portfolios.
  • If you use an external address book (such as LDAP, SQL, Salesforce, and so on), the information about the contacts in that address book is not stored in the FootPrints database until one of the following events occur:
    • The contact is linked to a ticket.
    • The user associated with that contact logs in to the system.

The organizational unit feature uses the information stored in the FootPrints database. Even with organizational unit permission, users who have never been linked to a ticket or have never logged in to the FootPrints system cannot view or edit any records. Sending an email message is the most common example of a user trying to view or edit an existing ticket, without logging into the system.

  • If the organizational unit value has changed in the external address book, FootPrints does not recognize it until the next time the user is linked to a ticket. Linking an external contact to a ticket updates all contact information stored in the FootPrints database.
    For example, Department is the organizational unit for a user that works with the Marketing department. After some time, the user moves to the Sales department, but the local copy of the contact still has Marketing as the organizational unit value. This value is updated to Sales the next time the contact record is linked to a ticket.
  • If you have multiple address books linked to a container, and these address books store copies of contacts for the same user, the system sorts all the address books based on the date on which the address book is created. By default, the system sorts in oldest to newest order until it finds the first matching contact for a user. The system considers this contact as the user contact and applies the organizational unit permissions for that contact.
  • If you want to change the sorting order of the address books, you must contact BMC Support.

Before you begin

  • Ensure that you have configured a field on the user's contact item as an organizational unit.
  • Ensure that you have configured a field on your ticket record definition with exactly the same name as the organizational unit field you configured on the user's contact item.
  • Ensure that you have configured a relationship between the container and the address book.
    For example, a Ticket/Contact relationship between a workspace and address book. For more information, see Configuring relationships.
  • On your container form, use the relationship that you defined between the container and the address book to configure a link control. Make sure the field selected as the organizational unit on the user's contact item is selected as a Linked Field. For more information, see Configuring link controls on forms.

To assign Organizational Unit permissions

  1. Click the Administration tab.
  2. In the User Management section, click Roles.
  3. Select the container role that you want to modify and then click Edit.
  4. Click the Item Permissions tab and expand the Ticket section.
  5. To assign the viewing permission, in the Permission Name column, expand Viewing.
  6. Select Organizational Unit and set the Access Level to Yes.
  7. To assign the editing permission, in the Permission Name column, expand Editing and repeat step 6.
  8. To assign the deleting permission, in the Permission Name column, expand Deleting and repeat step 6.
  9. Click Save.
    The new permissions are applied immediately for all users assigned to the respective container role.

Related topics

Configuring contact items

User roles and item permissions

Was this page helpful? Yes No Submitting... Thank you

Comments