Service Desk User Security

Note: When you create a pre-defined service desk using the Service Desk > Setup page, much of the user security issues described in this topic are configured for you.

Note: See System > User Security for an introduction to VSA user security concepts mentioned in this topic.

Access to Service Desk definitions and tickets, knowledge base desks and KB articles comprises five levels of user security:

• Role Types
• User Roles
• Users
• Scopes
• Field Permissions

Note: Machine roles and Service Desk are discussed in a separate topic, Integrating Service Desk and Live Connect.

Role Types

Kaseya licensing is purchased by role type. There are separate role types for licensing users by user role type and licensing machines by machine role type. Each role type enables selected functions listed in the User Roles > Access Rights tab and Machine Roles > Access Rights tab. The number of role type licenses purchased displays in the System > License Manager > Role Type tab. Each role type license specifies the number of named users and concurrent users allowed.

User licensing for the Service Desk module is purchased and managed using two user role types:

• Service Desk Administrators - Equivalent to a Master role user within the Service Desk module only.
• Service Desk Technicians - A user who works with tickets and KB articles.

Note: The Master role is assigned the Service Desk Administrators role type by default.

User Roles

Three user roles are created when the Service Desk module is installed. These user roles provide three types of function access typically required by Service Desk users. You can use them as is, or modify them if you like, or use them as models for creating your own new user roles.

• SD Admin – A Service Desk administrator who has access to all Service Desk functions and all service desk tickets, regardless of scope. An SD Admin can create and edit service desks, configure Service Desk support tables and Service Desk procedures, and perform all actions on tickets. Only SD Admin users have access to advanced functions in the Service Desk > Tickets table such as Delete, Unlock, Export and Import. Like a Master role user, an SD Admin user is not limited by field permissions, described below. This user role is a member of the Service Desk Administrators role type.
• SD User – A Service Desk user who works with Tickets, Archived Tickets, Search All and Preferences by User. This role does not permit access to service desks, procedures or any other support tables. This user role can only view published KB articles, but cannot create or edit KB articles. This user role is a member of the Service Desk Technicians role type.
• KB Admin – A Service Desk administrator who creates, edits and manages KB articles. The KB Admin user has access to all Service Desk functions. This user role is a member of both the Service Desk Administrators and Service Desk Technicians role type.

Users

A VSA user only has access to the Service Desk module and functions by assigning that VSA user to a user role using the Service Desk Administrators or Service Desk Technicians role type.

Scopes

Scopes and Service Desks

VSA users using a role linked to the Service Desk Administrators role type can see and work with any service desk and any ticket in the Service Desk module.

VSA users using roles linked to any other roletype cannot see a service desk definition unless the service desk definition is added to the scope they are using.

Note: See Visibility of Service Desk Tickets by a Staff Member for an alternate method of making tickets visible to staff members.

Assigning a service desk definition to a scope using System > Scopes provides:

• Visibility and selection of the service desk in drop down lists in Service Desk.
• Visibility and selection of service desk tickets in ticket tables.

Scope access only provides visibility of tickets. Further access to editing tickets is determined by field permissions.

Scopes, User Roles and Knowledge Base Desks

VSA users using a role linked to the Service Desk Administrators role type can see and work with any knowledge base desk and any KB article in the Service Desk module.

Knowledge base desks do not need to be added to user roles or scopes for KB articles to be visible to all VSA users using roles linked to the Service Desk Technicians role type.

If you are using the pre-configured KnowledgeBase desk, any KB articles set to the Published stage are visible and viewable for all service desk users and machine users in Live Connect, regardless of user role or scope. The same is true for any knowledge base desk created from scratch, so long as the KB article is set to the End stage, whatever the name of that End stage.

If you want non-service desk administrators to be able to create a new KB article and edit the KB article, but don't want those same users complete service desk administrator access, select or create a user role associated with the Service Desk Technicians role type. Then associate the knowledge base with the user role using Preferences by Role or the Definitions > Access > Roles tab. Then assign users to that user role. The KB Admin user role can be used for this purpose. The KB Admin is already associated with the KnowledgeBase desk. You only need to remove the Service Desk Administrator roletype from the KB Admin user role.

Field Permissions

VSA users using a role linked to the Service Desk Administrators role type can see and work with any field in any ticket editor or KB article editor. Master role users also always have complete field permission access, regardless of roletype assignment.

For VSA users using roles linked to the Service Desk Technicians role type, field permissions determine what fields a user can view or edit within the ticket editor or KB article editor. Typical permissions include: Editable, View Only, Hidden, or Required. Field permissions are defined for each combination of service desk (or knowledge base) and user role (or machine role).

These permissions are initially set by editing template, when a service desk definition is first associated with a role. You can change the field permissions to suit the business requirements of each role. You associate roles with service desk definitions—and set field permissions—using Preferences by Role or the Definitions > Access > Roles tab.

You can specify a different editing template from the default editing template, for each combination of role and service desk. The default editing template for all roles working with a service desk is specified in the Service Desk > Definitions > Properties > General Info tab.

Default Field Permissions

If a VSA user is using a user role that does not include either the Service Desk Administrator or Service Desk Technician roletype, then field level permissions defined for the Default machine role applies to that VSA user. For example, the Default machine role applies to users using user roles that are only linked to the VSA Basic or End User roletypes. The Default machine role also applies to machine users using Portal Access to view and edit tickets. When a user is using the Default machine role to view or edit a ticket, a Default Permissions Apply message displays at the top of a service desk ticket. If even the Default machine role does not provide access to a ticket, then an error message tells the user their role does not permit access to the ticket.

Topic 5495: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.