I believe that granting permission to field id 1 essentially grants
permission to the entire record. If you wanted to prevent Example Group from
updating field C, then you would need to explicitly define View permission.
-Howard
-----Original Message-----
From: Kenny Young [mailto:Kenneth.Young@ALLTEL.COM]
Sent: Wednesday, March 24, 2004 8:06 PM
To: ARSLIST@ARSLIST.ORG
Subject: Re: "Assignee Group" permission to control field (not row)
access
Thanks for the continued responses. I often use purely workflow to
accomplish the desired restrictions, but envisioned considerably less work
if the Assignee Group thing worked the way I thought it would.
By the way, the description of my bug has changed a bit, and would like to
know if anyone else has seen this behavior, and if you agree that surely it
is not intended:
1) Assume form already exists with field id 112, and that "Assignee Group"
permission is granted to field id 1
2) Create 2 new field B, and C
3) Apply only "Assignee Group" write permission to field B
4) Apply only "Public" read permission to field C
5) Create record and set field 112 to "Example Group"
6) Log in as user with membership in "Example Group" and NO membership in
Administrator.
7) Access existing record
8) Update field C and save
...which you will be able to do with no errors or warning!
Thanks,
Kenny
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:ARSLIST@ARSLIST.ORG]On Behalf Of Carey Matthew Black
Sent: Wednesday, March 24, 2004 9:39 AM
To: ARSLIST@ARSLIST.ORG
Subject: Re: "Assignee Group" permission to control field (not row)
access
Kenny,
Is there some way that you can identify a person who "simply should
not see the field at all"? If so then you could build workflow to hide the
field for those users. (on those data rows) Something like a Window Open
Active Link should do the job nicely.
--
Carey Matthew Black
Remedy Skilled Professional (RSP)
ARS = Action Request System(Remedy)
Solution = People + Process + Tools
Fast, Accurate, Cheap.... Pick two.
Never ascribe to malice, that which can be explained by incompetence.
"Kenny Young"
LTEL.COM> cc:
Sent by: "Action Subject: Re: "Assignee
Group" permission to control field (not row) access
Request System
discussion
list(ARSList)"
ORG>
03/23/2004 07:42
PM
Please respond to
arslist
Thanks for the several responses on this inquiry so far. Here is what I
have discovered:
A. As Carey suggested, Field ID 1 does have to have Assignee Group
permissions.
B. This special permission does not prevent visibility of the field, only
absence of the data associated with that field (thanks Lars!)
I have two conflicting thoughts regarding B. One is that it is logical, as
you don't want to hide the field, because the very next record could be
something that the user does have access to the field data for. The second
is that the situation is restrictive because it means I can never use the
Assignee Group permission on a field if there are any other users who
simply should not see the field at all...I am arguing that this second part
may be a bug with Remedy currently.
Thanks,
Kenny
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:ARSLIST@ARSLIST.ORG]On Behalf Of Carey Matthew Black
Sent: Tuesday, March 23, 2004 12:49 PM
To: ARSLIST@ARSLIST.ORG
Subject: Re: "Assignee Group" permission to control field (not row)
access
Kenny,
I am not sure why I think this... but give it a shot.... Add
"Assignee Group" to field 1.
For some reason I have this nagging feeling that if the group is not
on field 1 then ARS just ignores the permission group all together on the
rest of the fields. (I might be very wrong about this... Like I said.. it
is just a nagging feeling.)
Other than that...
Make sure that the user does not gain access to Field B through any
other group. (Like Public, or some other static group.)
ARS Permission's are cumulative. If any group grants access, then the
rest do not matter. The user will be granted access. So the only way that a
user does not get access to the field is if ALL groups they are a member of
do not have access to the field.
HTH.
--
Carey Matthew Black
Remedy Skilled Professional (RSP)
ARS = Action Request System(Remedy)
Solution = People + Process + Tools
Fast, Accurate, Cheap.... Pick two.
Never ascribe to malice, that which can be explained by incompetence.
"Kenny Young"
ARSLIST@ARSLIST.ORG
LTEL.COM> cc:
Sent by: "Action Subject: Re: "Assignee
Group" permission to control field (not row) access
Request System
discussion
list(ARSList)"
ORG>
03/23/2004 12:13
PM
Please respond to
arslist
If user is not permitted to field 1 in any way, then he will not be able to
access the record at all, correct? I need him to see the record, just not
field "B" (in my example) for that record.
Thanks,
kenny
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:ARSLIST@ARSLIST.ORG]On Behalf Of
lars.j.pettersson@VATTENFALL.COM
Sent: Tuesday, March 23, 2004 11:55 AM
To: ARSLIST@ARSLIST.ORG
Subject: SV: "Assignee Group" permission to control field (not row)
access
Have You checked permisson for field 1? User must not belong to any group
with access to field 1, but give assignee group access, hope I understand
correctly.
L ars Pettersson
Vattenfall Data AB
ARS Systems Engineer
S-461 88 Trollhattan
Sweden
Phone +46 520 888 35 Mobil +46 70 608 99 95
e-mail: lars.j.pettersson@vattenfall.com
www.vattenfall.se
-----Ursprungligt meddelande-----
Fran: Kenny Young [mailto:Kenneth.Young@ALLTEL.COM]
Skickat: den 23 mars 2004 18:31
Till: ARSLIST@ARSLIST.ORG
Amne: "Assignee Group" permission to control field (not row) access
Has anyone accomplished this? Row-level is no problem, but permission to
fields is not working correctly.
Here is my experiment:
1) Create field A (w/ field id 112) on form
2) Create another char field (B), and grant view permission only to
"Assignee Group"
3) Open an existing record from the form, and populate the A-field with a
single specific group, using the menu attached to the field
4) Log in to Remedy as a user without admin permissions, and without
membership in the group specified in the A-field of the subject record
5) Open form, search by id for the record
6) Record is displayed, and field B is also visible (shouldn't be)
Where might I be going wrong? Am I correct in understanding that this
should be possible?
Thanks,
Kenny Young
Remedy IT Support
****************************************************************************
**************
The information contained in this message, including attachments, may
contain
privileged or confidential information that is intended to be delivered
only
to the
person identified above. If you are not the intended recipient, or the
person
responsible for delivering this message to the intended recipient, ALLTEL
requests
that you immediately notify the sender and asks that you do not read the
message or its
attachments, and that you delete them without copying or sending them to
anyone else.
UNSUBSCRIBE or access ARSList Archives at http://www.ARSLIST.org (Support:
mailto:support@arslist.org ) ARSList is hosted by QMX SUPPORT SERVICES at
www.QMXS.com
UNSUBSCRIBE or access ARSList Archives at http://www.ARSLIST.org (Support:
mailto:support@arslist.org ) ARSList is hosted by QMX SUPPORT SERVICES at
www.QMXS.com
****************************************************************************
**************
The information contained in this message, including attachments, may
contain
privileged or confidential information that is intended to be delivered
only to the
person identified above. If you are not the intended recipient, or the
person
responsible for delivering this message to the intended recipient, ALLTEL
requests
that you immediately notify the sender and asks that you do not read the
message or its
attachments, and that you delete them without copying or sending them to
anyone else.
UNSUBSCRIBE or access ARSList Archives at http://www.ARSLIST.org (Support:
mailto:support@arslist.org ) ARSList is hosted by QMX SUPPORT SERVICES at
www.QMXS.com
UNSUBSCRIBE or access ARSList Archives at http://www.ARSLIST.org (Support:
mailto:support@arslist.org ) ARSList is hosted by QMX SUPPORT SERVICES at
www.QMXS.com
****************************************************************************
**************
The information contained in this message, including attachments, may
contain
privileged or confidential information that is intended to be delivered
only to the
person identified above. If you are not the intended recipient, or the
person
responsible for delivering this message to the intended recipient, ALLTEL
requests
that you immediately notify the sender and asks that you do not read the
message or its
attachments, and that you delete them without copying or sending them to
anyone else.
UNSUBSCRIBE or access ARSList Archives at http://www.ARSLIST.org (Support:
mailto:support@arslist.org ) ARSList is hosted by QMX SUPPORT SERVICES at
www.QMXS.com
UNSUBSCRIBE or access ARSList Archives at http://www.ARSLIST.org (Support:
mailto:support@arslist.org ) ARSList is hosted by QMX SUPPORT SERVICES at
www.QMXS.com
****************************************************************************
**************
The information contained in this message, including attachments, may
contain
privileged or confidential information that is intended to be delivered only
to the
person identified above. If you are not the intended recipient, or the
person
responsible for delivering this message to the intended recipient, ALLTEL
requests
that you immediately notify the sender and asks that you do not read the
message or its
attachments, and that you delete them without copying or sending them to
anyone else.
UNSUBSCRIBE or access ARSList Archives at http://www.ARSLIST.org (Support:
mailto:support@arslist.org ) ARSList is hosted by QMX SUPPORT SERVICES at
www.QMXS.com
Previous Topic
Index