CA Service Management

 View Only
  • 1.  RESTRICT ACCESS TO SDM AT SOME TIMES

    Posted Aug 04, 2020 10:26 AM
    Could anyone help with a solution to restrict access the SDM at set times?

    Some users with positions may have access to the SDM outside of office hours, at specific times or only on weekends. Could this restriction be made in EEM or just SDM 17.1? We have EEM 12.6 integrated with AD and in this we have the position information for each user.

    I appreciate the help.


  • 2.  RE: RESTRICT ACCESS TO SDM AT SOME TIMES
    Best Answer

    Broadcom Employee
    Posted Aug 04, 2020 12:55 PM
    Edited by Marcos Domingos Aug 07, 2020 02:17 PM
    Marcos............

    If you are using EEM for authentication, you might be able to setup an account lock policy.  Perhaps you can open a support case with EEM Support to see what is involved in setting up this policy.

    From an AD side, perhaps you can enable a policy to set certain logon hours for the users.  For example https://www.manageengine.com/products/active-directory-audit/kb/how-to/how-to-set-logon-hours-in-active-directory.html

    I am not aware of any option OOTB within SDM to restrict application access at specific times.

    ------------------------------
    Paul Coccimiglio
    Principal Support Engineer
    Broadcom Inc.
    ------------------------------



  • 3.  RE: RESTRICT ACCESS TO SDM AT SOME TIMES

    Broadcom Employee
    Posted Aug 06, 2020 08:01 AM
    An idea you can try on SDM side is

    i. Assign the users you do not want to be able to login to a specific Access Type and set the authentication method 'NO ACCESS' for the duration you don't want them to access the system. When you want them to access the system again you assign them to an Access Type that allows access. This will work, but will definitely require a lot of manual human admin intervention.

    ii. Alternatively, when you don't want specific users to login, you simply make their records inactive for the duration of the period you don't want them to be able to log in. Again this will require manual admin, which could be a bit of a nightmare as this cannot be automated OOTB.

    ------------------------------
    Kind Regards,
    Brian
    ------------------------------



  • 4.  RE: RESTRICT ACCESS TO SDM AT SOME TIMES

    Posted Aug 06, 2020 12:30 PM
    I appreciate the support my friend, but I really need something automated, as it is related to the users' workday. Unfortunately due to the particularities of the company, we cannot configure it in AD, which I think would be the most correct place. I will take the use of EEM policies to the test environment.


  • 5.  RE: RESTRICT ACCESS TO SDM AT SOME TIMES

    Posted Aug 07, 2020 10:28 AM
    My curiosity is piqued. What is the business case for restricting users' access to Service Desk?

    ------------------------------
    Lindsay Estabrooks
    Principal Consultant
    IT-EDU Consultants
    ------------------------------



  • 6.  RE: RESTRICT ACCESS TO SDM AT SOME TIMES

    Posted Aug 07, 2020 02:17 PM
    There is a legal concern about the correct fulfillment of employees' Work Shifts. The company does not want to take risks in lawsuits for extra work outside the contracted hours. However, they do not want to block all the applications that these same employees can use, only the SDM. I think that if there is a legal issue, it was to block everything, but unfortunately they only want the SDM.