Workflow and ServiceDesk Community

 View Only
Back to Library

What do I need to know about Request Access To Network Share in ServiceDesk 7.5/7.5 SP1? 

May 21, 2015 06:00 PM

The goal of this article.

To give an overview on how Request Access to Network Share project works, what are the prerequisites for it to work properly and what does the process look like from the user/technician/administrator side.

The goal is not to give an extensive overview of what is possible with the project, a detailed component-by-component details or how to modify it to your needs. With some knowledge about Workflow projects it is fairly well readable project.

A known issue.

First, in both ServiceDesk 7.5 and 7.5 SP1 there is a wrong variable used in several send e-mail components in SD.RequestAccessToNetworkShare project that prevent notification e-mails from being sent properly. In ServiceDesk 7.5, this prevents notifications from being sent, in ServiceDesk 7.5 SP1 it may actually break the process.

To amend this, open the project in Workflow Manager and:

  1. At the top of the left pane, click 'Find Components', check 'Filter By Type' an select 'Send Email' from the 'Type' list. You should see 15 results (in Primary Model > Notify Requester/Recipient).
  2. Double click on first search result Send Email component, it will open the correct model and highlight the component. Double-click on the component.
  3. Go To Email Settings tab and click '...' button next to 'SMTP Server Name' field.
  4. Click on the '[ProfileProperties].service_desk_settings_smtpmail_server' in the list and click 'Remove'.
  5. Click Add, select [ProfileProperties] > service_desk_settings_smtp_mail_server in the dialog and click OK.
  6. Click OK until you are back in the main project window.
  7. Repeat steps 2-6 for the rest of the search results.
  8. Save the project (File > Save or floppy icon on the toolbar).
  9. Publish the project to your ServiceDesk server (File > Publish Project). In most cases all you need to do in the dialogs that follow is to select '(local)' under 'Standalone Servers' and click Next > Next > Next > Next until the publishing proceeds and then click Finish after it completes.

Projects with the change already made:
 https://symantec.box.com/s/c53q82txk4hbg5hzz3i3s5qkpmdscepw (SD 7.5)
 https://symantec.box.com/s/sdv0u6ebsrbxywxigp4nbdfg482lmr17 (SD 7.5 SP1)
With these projects, just open them on ServiceDesk and only step 9 from above has to be done (Publish the project).

These fixes will probably appear in the ServiceDesk Point Fixes KB articles as well.

Prerequisites:

  • Active Directory profile must be set up:
    Start > All Programs > Symantec > Workflow > Workflow Designer > Tools > Credentials Manager
    It is recommended to set AD Profile up with domain admin to avoid permissions issues.
  • All involved users (users to have their password reset and their managers) must have Email Addresses and telephone numbers populated in Active Directory. If this is not the case, there will be various issues, sometimes without a descriptive error message.
  • All involved users must have Manager information set in Active Directory.
  • SMTP server and 'mail from address' settings in ServiceDeskSettings must be set (Admin > Data > Application Properties > ServiceDeskSettings)
  • Shared Folders need to be created in AD as AD objects and need to have a Share Manager set (and Share Manager needs to have e-mail address).
  • Domain account configured in AD Profile must have enough (preferably Full Control) permissions on Shared folders.

Process steps and description

Here is a verbose description of the out-of-box process from user and technician view. Provided that the prerequisites listed above are met, you should not run into problems. I have included the ticket statuses and completion percentages here to help understand the ticket progression and its notation in the portal.

1. 'Specify AD Server' page will display and allow selection from list of AD Profiles that are set up.

2. On 'Request Form' page fill out recipient info and selection of the shared folder and access level. 

3. After selection, 'ReviewRequest' page is shown where details on the request are displayed. When details are confirmed, a ticket named ITSR-000### is created. 

Status: Request Sent to Manager for Approval - 20%

3a. If user's manager is also Share Manager, 4. (user's manager approval) is skipped.

Status: Request Sent to Share Manager for Approval - 40%

4. If user's manager is not the Share Manager of requested share ticket is assigned to the user's manager and a notification e-mail is sent to the manager with subject - Access to Network Share Request: ITSR-000### assigned to you.

4a. If user's manager denies the request, ticket will be closed.

Status: Request Denied by Recipient's Manager - 100%

4b. If user's manager approves the request, ticket will go to Share Manager.

Status:  Request Approved by Recipient's Manager - 40%

5. Ticket is assigned to the Share Manager and a notification e-mail is sent to the Share Manager with subject - ITSR-000### Approval Required to Grant [User Name] Access to Network Share

5a. If Share Manager approves the request, access to the share will be granted to the user and ticket will be closed.

Status: [User Name] granted access to '[Sharename]' folder in AD. - 100%

5b. If Share Manager denies the request, ticket will be closed.

Status: Request Denied by Share Manager - 100%

Note: there is a graphical process drawing in the Business Model that may be better for overview when you look at the project in Workflow Designer.

Customizing E-mail Notifications

The first steps are similar to fixing the known issue - to open the project and find the Send Email components.

  1. At the top of the left pane, click 'Find Components', check 'Filter By Type' an select 'Send Email' from the 'Type' list. You should see 15 results (in Primary Model > Notify Requester/Recipient).
  2. Double click on the desired Send Email component, it will open the correct model and highlight the component. Double-click on the component.
  3. In Email Contents tab Contents section, Subject and Html Content are the fields you want to modify. Click '...' button at the right to edit and a fairly straightforward WYSIWYG editor opens.

Editing is the simple part, understanding which e-mail is sent when requires some understanding of the project - or trial and error with e-mails you have received while testing :)

Note: Add User To Share Global variable

Project has a global variable called AddUserToShare that can be set to False before republishing. This enables a large part of the additional flow in and after the Share Manager choice to grant user access that deals with how exactly the access is granted.

This requires AD Administrators group to exist in ServiceDesk and essentially users in that group to be Domain Admins.

6. In the dialog asking Share manager to give user access to the share you can now select a group (that has access to the share) to put the user into instead of creating permissions for the user itself on the share. 

6a. If the selected group does not have a manager, ticket is assigned to the AD Administrators. AD Administrators then have an option to add user to the selected group, select a different group, assign a manager to the selected group or deny the request.

6b. If the selected group has manager (or AD Administrators have chosen to add one in step 6a) to grant membership to the selected group ticket is assigned to the manager of that group in AD. Manager of the group then can approve or deny the request.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

toomas
Jan 20, 2017 04:02 AM

I seem to have misplaced the fixed projects from where the links in the article point to. However, the fixed project for SD 7.5 SP1 has made its way to the point fixes article:

TECH212326: Point fixes For ServiceDesk 7.5 SP1
Look for: Updated SD.RequestAccessToNetworkShare.pac - TECH230527.zip  (1.7 MB)
 

Related Entries and Links

No Related Resource entered.