Friday, February 27, 2009

HEAT: Create Restricted Call Groups

A client asked this: We are using HEAT 8.45 and want to restrict the calls of a specific group of users from the rest of the HEAT users. We do not want to use a separate database - is there any other way to do this?

Yes, it is a bit labor intensive, but can be done:

The primary tools available are view sets and call group security. In addition, the use of security roles and teams are implicit in this method of securing the data for a group (or groups) of HEAT users.

View sets are used to restrict which fields are viewed on a HEAT form. For example, if we want to restrict certain fields from appearing in the Profile then we can create a view to show that only to the restricted group. Views can also be assigned to Teams, so we can restrict IT analysts from viewing Team views that are classified as the restricted team.

View sets would in concert with Call Group security to lock down the HR data. Call Group security is outlined below.

In Administrator, it would be necessary to lock down the following rights by security role. This would involve having an Unrestricted security role and a Restricted security role.

The rights that would be restricted are:

* Team Groups
* Heat Board
* Call Groups
* Simple Searches
* Right to Go To Call

So, under the each security role, they will be given specific access to view the Call Group, Team Group, Heat Board, etc for their calls only. The respective departments, however, would not be allowed to create any of the above items or enable them.

As an additional layer of security, in the event that something is missed in the security role definition for IT, the following group would serve as a catch-all for any Restricted ticket that might inadvertently appear:

For example, if you use the Dept field o designate which are Restricted tickets, then you can create a Call Group that designates all open assignments that are not closed, not resolved and not in the Restricted department as Active IT Calls and that is all they will be allowed to view

Note: for handling Call Browse, by restricting Call Groups, you would restrict Call Browse to only showing tickets in their allowed Call Group.

Note: for handling Go To Ticket (to prevent someone from randomly entering ticket numbers under Ctrl G, there is a right in Administrator called Right to Go To Call, which would be disabled for IT except for tickets in their allowed Call Groups.

No comments: