Friends, need help to solve the question below:
The Service Provider has more than 300 clients (tenants) where the SDM is used for Service Desk and Guarantee Agreements. Some of the Guarantee Contracts are companies that have branches across the country (Tenant, Tenant A1, Tenant A2, Tenant A3). In certain situations, there is a user (User 1) which is contact over a contract for the same company (Contract A, Contract A2, Contract A3). Each contract has a Service Catalog (Incident Area) which is different from the others. Our goal is to make this user can view the categories (Incident Area) of contracts in which it is registered. However, as the user is linked to a single organization and this organization is linked to a single contract, they can not all catalogs of contracts are viewed, that is, the user can only see only the contract catalog in which it is linked your organization. Important to mention that each contract in question has its own cost center and that's why there is a need to separate. Another detail is that sometimes is asked explicitly that a user (User 2) has no access to the categories of another contract, that is, it can only register tickets for the contract in which it is linked (Tenant A1, Contract A1).
We are SDM1 14.1, but do not use the USS and the Catalog. So this solution should be adhering to the traditional portal. I believe that perhaps the solution is on the side of configurations Tenants (Subtenants, etc.) or through data partitions.
Does anyone have any idea how I could solve? Thanks.
It does sound like you have a bit of complex situation on your hands, and it may require a complex solution. I will say that data partitions alone aren't going to help. I will also say that a user who belongs to tenantA1 wouldn't typically be able to see items from other tenants unless the tenant settings on the role were adjusted to allow it (and there it's mostly that a person can see everything, or only their tenant). I think tenant groups are likely your best bet. Groups would need to be created that need some data shared, and then perhaps a special Role would need to be created and assigned to the users who need to access multiple roles, and the "Tenant Group" option can be used for the tenant rights on the Role.
Yes I think tenant group is the way to handle this however I can tell you that this can come really complex and will be a nightmare to maintain in your case.
I agree with Jerome here. The management of the tenant groups' data will be a manual process, and you would have to have a process on deciding what groups have access to what data whenever that reference data is created. Along with that, as Alex explained you will most likely have to drive the access via roles, in which you would need to look at each user individually and determine which roles they will need (as opposed to giving a contact an access type, and that access type has roles assigned to it already) because it may be different for each contact. Every time a new contact is created, you will need to manually give it the roles that it will need. Same goes for when a user changes their role within the company or has added responsibility, they would need to have their roles manually updated again. Makes for a lot of "electronic paperwork" as we call it.
Something like this would need to be VERY well throught out and drawn up on paper, and tested really before it could be implemented successfully.
Thats my 2 cents
Hi Marcos.Domingos - Did any of the responses help answer your question? If so please mark as Correct Answer. Thanks!