Body
Question
- How can I restrict a user's ability to create certain tickets in a ticketing application?
- How can I restrict a user's ability to create or view certain projects in the Projects application?
- How can I restrict a user's ability to view certain projects and/or tickets in the Analysis application?
Environment
- Technician-level access to Work Management and a Ticketing or Project Application
- Enterprise-level access to the Analysis Application
Answer
The following permissions control user access to various elements within the Ticketing, Projects, and Analysis applications. These permissions primarily restrict access to specific aspects of ticket and project creation, viewing, and editing, helping limit user interactions.
View All Accts/Depts: This permission is available on the Global Security Role and allows users to view all Accounts/Departments in the relevant lookup fields, such as on tickets, projects, and report filters, as well as within the People application. With this permission, users also gain access to all associated Projects, Project Tasks, Project Requests, Risks, Issues, Hours, and Expenses within the Analysis application.
- Without this permission:
- The user’s access to Projects, Project Tasks, Project Requests, Risks, Issues, Hours, and Expenses in Analysis are restricted to those linked to their assigned Accounts/Departments.
- The user’s ability to view and edit Tickets within their ticketing applications and Analysis remains unaffected.
- The Account/Department field on a ticket will be restricted to those linked to the users assigned Accounts/Departments, but will still auto-populate with the requestor’s primary department when selected, even if the user lacks the permission to view all Accounts/Departments.
View All Types: This permission is available on the Global Security Role and allows users to view the full list of Ticket Types and Project Types in the Type lookup fields, such as when creating tickets or projects.
- Without this permission:
- The user can only select Types during Ticket and Project creation and within Reporting that are either unrestricted or permissioned to groups of which the user is a member.
- The user can still create Tickets for any Type if that Type is pre-selected as the default on a form.
- The user’s ability to view or edit existing Tickets and Projects remains unaffected.
View All Ticket, Asset/CI, and Client Portal Application Instances in Analysis: available on the Global Security Role (Enterprise only). Allows a user to access data from all Ticketing, Asset/CI, and Client Portal applications in Analysis without being assigned to them.
View All Project Application Instances in Analysis: available on the Global Security Role (Enterprise only). Allows a user to access data from all Project applications in Analysis without being assigned to them.
Providing Analysis Application access gives access to the following:
- All Accounts/Departments, Projects, Project Tasks, Project Requests, Risks, Issues, Expenses, and Hours connected to assigned Accounts/Departments, unless the user has the View All Accts/Depts permission, which grants access to all mentioned data regardless of the Acct/Dept.
- All People, Locations, and Rooms.
- All Tickets and Survey Responses within the Ticketing applications that the user has permission to access.
- All Assets/Configuration Items and Contracts within the Asset/CI applications, the user has permission to access.
- All Services, Offerings, Knowledge Base Articles, and Article Feedback within the applications that the user has permission to access.
- The ability to open/view individual items (e.g., KB Articles) may be restricted beyond reports by permissions in the client portal.
Visibility Limitations and Recommendations
Considering the permissions available, you can restrict access to creating certain tickets and projects based on restricted Types, but there is no way to limit visibility into certain tickets within a Ticketing application in Work Management (TDNext). By default, visibility into projects and project requests within Project applications is restricted to members of each project or project request. Note that users with the View All Projects permission in a Project application's security role can view all projects within that application, regardless of membership.
To limit visibility into projects and project requests in Analysis, two approaches are available depending on your needs:
- Removing the View All Project Application Instances in Analysis permission is the more targeted option. This restricts cross-application project visibility in Analysis without affecting a user's ability to view and select Accounts/Departments in lookup fields or their access to ticket and asset data.
- Removing the View All Accts/Depts permission will restrict which projects, project requests, risks, issues, hours, and expenses users can see in Analysis, limiting them to those linked to their assigned Accounts/Departments. However, this approach has broader side effects: users will no longer see all Accounts/Departments in lookup fields or report filter options. Be aware that users can still report on all Accounts/Departments even without this permission.
If users need Analysis access with restricted visibility into some projects and requests, the recommended approach is to leave the View All Accts/Depts permission enabled and instead control project visibility through the View All Projects and View All Project Application Instances in Analysis permissions. You can create a separate security role for users who require more restricted access.
Visibility into portfolios and programs within the Portfolios application is controlled separately and is not affected by the project application permissions described above.