Question
- How can I restrict a users' ability to create certain tickets in a ticketing application?
- How can I restrict a users' ability to create or view certain projects in the Projects application?
- How can I restrict a users' ability to view certain projects and/or tickets in the Analysis application?
Environment
- Technician-level access to TDNext and a Ticketing or Project Application
- Enterprise-level access to the Analysis Application
Answer
The following permissions control user access to various elements within the Ticketing, Projects, and Analysis applications. These permissions mainly restrict access to certain aspects of ticket and project creation, viewing, and editing, helping to limit user interactions.
View All Accts/Depts: This permission is available on the Global Security Role and allows users to view all Accounts/Departments in the relevant lookup fields, such as on tickets, projects, or report filters, and within the People application. With this permission, users also gain access within the Analysis application to all associated Projects, Project Tasks, Project Requests, Risks, Issues, Hours, and Expenses.
- Without this permission:
- The user’s access to Projects, Project Tasks, Project Requests, Risks, Issues, Hours, and Expenses in Analysis are restricted to those linked to their assigned Accounts/Departments.
- The user’s ability to view and edit Tickets within their ticketing applications and Analysis remains unaffected.
- The Account/Department field on a ticket will be restricted to those linked to the users assigned Accounts/Departments, but will still auto-populate with the requestor’s primary department when selected, even if the user lacks the permission to view all Accounts/Departments.
View All Types: This permission is available on the Global Security Role and allows users to view the full list of Ticket Types and Project Types in the Type lookup fields, such as when creating tickets or projects.
- Without this permission:
- The user can only select Types during Ticket and Project creation and within Reporting that are either unrestricted or are permissioned to groups where the user is a member.
- The user can still create Tickets for any Type if that Type is pre-selected as the default on a form.
- The user’s ability to view or edit existing Tickets and Projects remains unaffected.
View All Application Instances in Analysis: This permission is available on the Global Security Role and allows a user to access data from all Client Portal, Ticketing, and Asset/CI applications within the Analysis application, even if they are not assigned to those applications.
Providing Analysis Application access gives access to the following:
- All Accounts/Departments, Projects, Project Tasks, Project Requests, Risks, Issues, Expenses, and Hours connected to assigned Accounts/Departments, unless the user has the View All Accts/Depts permission, which grants access to all mentioned data regardless of the Acct/Dept.
- All People, Locations, and Rooms.
- All Tickets and Survey Responses within the Ticketing applications the user has permission to access.
- All Assets/Configuration Items and Contracts within the Asset/CI applications the user has permission to access.
- All Services, Offerings, Knowledge Base Articles, and Article Feedback within the applications the user has permission to access.
- The ability to open/view individual items (e.g., KB Articles) may be restricted beyond reports by permissions in the client portal.
Best Practices
Considering the permissions available, you can restrict access to creating certain tickets and projects based on restricted Types, but there is no way to limit visibility into certain tickets within a Ticketing application in TDNext. Visibility into Projects and Project Requests is restricted within the Projects and Portfolio applications to those who are members of each project or project request.
To limit visibility into all Projects and Project Requests in the Analysis application, removing the View All Accts/Depts permission will restrict which projects and requests users can see. However, there are limitations to this, especially when it comes to the Ticketing application. For instance, removing this permission will limit the ability to view and select all Accounts/Departments in lookup fields.
If you need to restrict access to Projects and Project Requests in Analysis, it’s best to leave the View All Accts/Depts permission enabled for most users. You can create a separate security role for those who need Analysis access but require restricted visibility of some Projects and Requests. Be aware that removing this permission also affects reporting, as users will no longer see all Accounts/Departments in the report filter options, but they can still report on all Accounts/Departments.