ServiceDesk

Does anyone know where the permissions are set to the document category when an incident is reassigned? I looked at the SD.IncidentManagement and SD.IncidentEscalation workflows but can't find it anywhere. In the SD.IncidentManagement I can see that the permissions for the group and user are set in the Event Configuration tab but no where does it set the document category permission.

I was told the Add Process Permissions applies to the report and that the document category permissions were separate so how does the permissions for it get set when it has been reassigned? On a side note, I was wondering how others have handled permissions when an incident has been directly assigned to a worker? Because the incident has not been assigned to a group yet, this means that other workers will not be able to work the ticket unless the worker adds the group in the permissions list.

From what I can tell, the permissions for the document category are set initially when the incident is created, and never changed.  The initial permissions are set in the Setup Process embedded models in SD.IncidentManagement in both the primary model and CreateIncidentAdvanced model.  There are explicit permissions set for Support I, Support II, Service Managers, and All Users.  All Users get the permission to view all documents in the category and add documents.

As far as the incident permissions go, I just gave all of Support I and Support II Can Administrate permissions on all tickets.  Then anyone in those groups can work any other ticket.  That works for us because we have a fairly small team.  If you want members of a group to always be able to work tickets that any individual member is assigned, you would have to do a lookup of the groups the individual is a member of (excluding All Users) and then add the Can Administrate process permission to those groups in the Reassign or Assign To Me tasks.

You're right, that was the setting that grants anyone access to it which is really not ideal. I was specificaly looking for when it granted a group permission that it should grant the permissions to the document category as well similar to that setup. I'll need to change that behaviour as there are documents in groups that all users should not have access to.

We have 22 groups and I've granted Support I and II full permissions and but when a person is directly assigned something then it gets messy because no one else in that group can work it because they don't have the right permissions. I've modified the workflow to check what group(s) the assigned person is in and just granted those group Can Admin permissions so I solved that problem. Thanks for the help. 

Just to add I don't know why the developers granted All Users access to the documents which means that anyone can view them. Permissions in Service Desk seem all over the place as there's permission restrictions to view the report but then to allow anyone to view documents which may be sensitive is just poor programming. It should have been the same as the setup process where when you grant a user/group permissions to the report you grant them permissions to the Document Category at the same time.