Chad Brown

Permission conflicts in Roles - Service Catalog

Discussion created by Chad Brown on Mar 20, 2015
Latest reply on Mar 22, 2015 by Yuval Pecht
When assigning permissions in Roles for Service Catalog items, they are running as "EITHER/OR" instead of  "AND".

We created a number of Service Catalog requests and set them to specific departments only. We verified them and flipped them to Approved State.

We set permissions in Roles to those recommended online:
Permission | Read | Service Catalog | State: Approved
Permission | Read | Service Catalog | Department: -- User's Department --

The end result is every can see all the Approved Service Catalog items, regardless of Department.

Instead of the Application following the logic of:
1. Is the State: Approved? YES, then continue (GO TO 2.), NO (STOP)
2. Is the Department: -- User's Department --? YES, show on Portal (STOP) or NO, do not show on Portal (STOP)

It appears to be following the logic of:
1. Is the State: Approved? Yes, then show on Portal (STOP)
2. Is the Department: -- User's Department --? Yes, then show on Portal (STOP)

From the write up on adding the Scope of Department & Site to the Service Catalog, it seemed the intent was to allow department/site specific catalog items that did not clutter everyone's Service Catalog.

Outcomes