CA Service Management

We have created read only access type. And now we need to give access to the same users to update only log comments. They should not change anything on the incident or change order or request.

Is it possible?

Thanks,

Pramila

Pramila, I don't think this is possible. The function group for the alg(activity log, the object you will create if log comment) is call_mgr, the same function group for cr/in/pr. So without modify right for call_mgr, you can't log comment. Thanks _Chi

This is actually possible. You would need to create a new functional access and then use a modify statement to have the alg factory use the new functional access.

I can share an example when at the office.  

Grant, I am not sure changing the alg function access is a good idea, though technically it is possible. Doing this would need a lot other changes as well, potentially hitting something unexpectedly. Thanks _Chi

Hi Chi,

I can't think of anything else that would need to be changed, would you mind explaining?  The list/detail forms check the functional access tied to the object, so they wouldn't need to be updated.

Grant, for example, roles have cr/in/pr modify/view would need to change as well otherwise those analysts won't be able to update tickets as SDM assumes when some role's cr/in/pr has modify function access  that role should have the same access to alg but once you change alg function access to my_call_mgr, it is not the case anymore.  Besides, potentially, the base code could have this assumption as well("access to alg is the same as access to cr/in/pr"). Thanks _Chi

Thanks Chi,

I understand where you're coming from, but also want to point out that the Functional Access detail page has an edit in list for this very reason.   If we shouldn't be messing with functional access them maybe it shouldn't be configurable in the admin menu? 

Grant, this is a very helpful discussion. I think edit in list is there for change the access level only not the code. In fact, I wouldn't change the code for those system/operation objects if the web page allowed me to. Thanks _Chi

I respect your caution..  We have a slightly different point of view as there's a whole team dedicated to developing features for our CA ITSM solution..  So if we have a valid business case that requires a simple customization to the tool we'll customize the tool, document, and send it through a full QA pass.

But I can see why it doesn't make sense for not everyone to follow this approach.

Chi_Chen and Grant Bruneau Thank you so much for your valuable discussion. Please let me know if it can be fixed with ETA or can I update the same with my management.

Thanks,

Pramila

Hi PramilaJanarthanan,

There isn't anything to "fix".  The customization I was suggesting isn't supported/recommended by CA.  You can post an idea to the requesting the ability to split apart the call_mgr/activity log functional access.   I would love to see more control around functional access, in my opinion each object should have it's own configurable access.