In our environment, workers tend to work on incidents that may be assigned to others members in the group. This is helpful if a worker is away sick or on vacation. In Service Desk the permissions are usually set at the group level and the permissions pushed down to the worker. However, if a worker is directly assigned an incident then that means that permissions for that group are bypassed and no one in that group can work it.
To fix this issue I did a simple customization to allow groups that a user belongs to be able to work the incident. Because a user can belong to more than one group, I added all of the groups so that users in every group has permissions. If you want to specify the group by incident classification then you can do that as well.
1. Open up the SD.IncidentManagement project and go to Model: Initial Diagnosis -> Initial Diagnosis Dialog Workflow component -> Event Configuration tab -> Start Process [...]
2. Search for an Embedded Rule Model component and place it after the three Add Process Permissions as shown in the diagram below
3. Double-click on it and setup the process as shown below. You can ignore any error messages as we will configure them each component. The ones that are disabled can be ignored as they are part of another customization that deals with permissions to the Document Library
4. Configure each component as shown in the following screens. We are going to do the following:
- Get all the groups that the assigned worker belongs to
- Filter out the All Users group since everyone belongs to that group
- Add permissions to the incident for each group the worker belongs to
I added exception handling for the GetUserGroups and GetGroupByName components but you can also add another one to the Add Process Permissions. Permissions to the Document Library are not set here as it the All Users group is granted access to the it in the Setup Process located in the Primary and CreateIncidentAdvanced models.