ServiceDesk

  • 1.  Need to Deny Technician No Longer w/IT But Still Accessing ServiceDesk

    Posted Jun 07, 2013 10:49 AM

    Hello,

    We have an employee who is no longer part of our group.  They are still with the company.  They have tickets from the past that they worked and because of that they have permissions to access and comment on them.   We need to remove this employee's ability to access the tickets they have permissions on, but still keep their user account active (because they are still part of the company and may need to have tickets created for them as end users).

    Any suggestions on a good way to handle this situation?

    Thank you.



  • 2.  RE: Need to Deny Technician No Longer w/IT But Still Accessing ServiceDesk

    Posted Jun 07, 2013 11:02 AM

    Can't you just go into security/account mgmt and specifically deny them everything?  Or move them to the everyone group instead of IT/helpdesk/etc?  Might also depend on how (or if) you linked AD with the SMP accounts/groups - may have to move the user in AD first, then force update in the console.



  • 3.  RE: Need to Deny Technician No Longer w/IT But Still Accessing ServiceDesk

    Posted Jun 07, 2013 02:42 PM

    I did try both of those you mentioned, but it did not work.

    I ended up locking the account and setting the password to expired.  This prevents them from logging into the system.

    I originally tried disabling their account, but that of course took them out of the affected user list.

    It looks like the problem has to do with the fact that because they were given permissions on some tickets (due to having tasks assigned to them), they were able to continue commenting in tickets (even though they have no business need to do so).



  • 4.  RE: Need to Deny Technician No Longer w/IT But Still Accessing ServiceDesk

    Broadcom Employee
    Posted Jun 10, 2013 02:55 PM

    You might want to create an Idea around this...



  • 5.  RE: Need to Deny Technician No Longer w/IT But Still Accessing ServiceDesk
    Best Answer

    Broadcom Employee
    Posted Jun 10, 2013 04:06 PM

    You are correct that the issue is caused by old permissions being set when the employee was a ServiceDesk engineer.

    The below query will show which incidents the user can edit. You will need to update the CanEdit permission from the ReportProcessPermission table to be 0 to prevent the user from editing the tickets in the future.


    DECLARE @User NVARCHAR(200)

    SET @User = 'user@email.com' --specify e-mail address of user

    SELECT rp.ReportProcessID,
           -- Map the numeric reference type to a readable label
           CASE rpp.ReferenceType
               WHEN 1 THEN 'User'
               WHEN 2 THEN 'Group'
               WHEN 3 THEN 'Permission'
               WHEN 4 THEN 'Organization'
           END AS 'Reference Type',
           rpp.CanEdit
    FROM ReportProcess rp
    JOIN ReportProcessPermission rpp
        ON rpp.SessionID = rp.SessionID
    JOIN [User] u
        ON u.UserID = rpp.ReferenceID
    LEFT JOIN ReportProcessContact rpc
        ON rpc.ReferenceID = rpp.ReferenceID
    WHERE u.PrimaryEmail = @User
      AND rpp.CanEdit = 1
      -- Keep only rows with no matching ReportProcessContact entry
      AND rpc.SessionID IS NULL
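
Added example, not part of the original answer: one way to apply the CanEdit change described in post 5, using the same tables and filter as that query. It assumes SQL Server (T-SQL); the temp table name #RevokedEdit and the variables @Changed and @Remaining are hypothetical.

```sql
-- Added example (T-SQL). Table and column names are taken from the query in post 5.
DECLARE @User NVARCHAR(200), @Changed INT, @Remaining INT;
SET @User = 'user@email.com'; -- placeholder: e-mail address of the user

-- Record the grants about to be revoked so they can be reviewed or restored.
-- #RevokedEdit is a hypothetical temp table name; it lasts for this session only.
SELECT DISTINCT rpp.SessionID, rpp.ReferenceID, rpp.ReferenceType
INTO #RevokedEdit
FROM ReportProcess rp
JOIN ReportProcessPermission rpp ON rpp.SessionID = rp.SessionID
JOIN [User] u ON u.UserID = rpp.ReferenceID
LEFT JOIN ReportProcessContact rpc ON rpc.ReferenceID = rpp.ReferenceID
WHERE u.PrimaryEmail = @User AND rpp.CanEdit = 1 AND rpc.SessionID IS NULL;

BEGIN TRANSACTION;

-- Same filter as the SELECT, so only the rows it listed are changed.
UPDATE rpp
SET CanEdit = 0
FROM ReportProcessPermission rpp
JOIN ReportProcess rp ON rp.SessionID = rpp.SessionID
JOIN [User] u ON u.UserID = rpp.ReferenceID
LEFT JOIN ReportProcessContact rpc ON rpc.ReferenceID = rpp.ReferenceID
WHERE u.PrimaryEmail = @User AND rpp.CanEdit = 1 AND rpc.SessionID IS NULL;

SET @Changed = @@ROWCOUNT;

-- Re-run the original filter: nothing should remain editable.
SELECT @Remaining = COUNT(*)
FROM ReportProcess rp
JOIN ReportProcessPermission rpp ON rpp.SessionID = rp.SessionID
JOIN [User] u ON u.UserID = rpp.ReferenceID
LEFT JOIN ReportProcessContact rpc ON rpc.ReferenceID = rpp.ReferenceID
WHERE u.PrimaryEmail = @User AND rpp.CanEdit = 1 AND rpc.SessionID IS NULL;

IF @Remaining = 0
    COMMIT TRANSACTION;
ELSE
    ROLLBACK TRANSACTION; -- the update is undone; investigate before retrying

-- RowsUpdated counts rows touched by the UPDATE (undone if StillEditable > 0).
SELECT @Changed AS RowsUpdated, @Remaining AS StillEditable;
SELECT SessionID, ReferenceID, ReferenceType FROM #RevokedEdit;
```

Save the final result set somewhere durable if the revoked grants may need to be restored, since the temp table is dropped when the session ends.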

     



  • 6.  RE: Need to Deny Technician No Longer w/IT But Still Accessing ServiceDesk

    Posted Jun 13, 2013 04:02 PM

    Thank you.  This was very helpful.