Multiple Roles and Membership in Organizations
Because each organization has distinct service ownership and configuration, organization membership affects what each user can see and do in the Service Portal.
Typically, each user is a member of a single organization. However, there are several more complex scenarios that may be configured, for example, a user can:
- be a member of multiple organizations and can have different roles in each organization, depending on what level of access they need
- have only an individual role, with no organizational role
- have both organizational roles and an individual role outside of an organization
- be a member of one or more parent organizations. Note that a user can be only a member of a parent organization, or they could be member of a parent organization and can be a member of regular organizations and/or have individual roles.
These scenarios are not mutually exclusive — a user could just be a member of a parent organization, or they could be a member of a parent organization and regular organizations and/or have individual roles.
Users can see their current role and organization at the top of the Service Portal. In the following example, the user is signed in as a member of the Development organization.
When signed in as a member of an organization, the provided view allows a user to only see services that they own and that are visible to that organization. Likewise, when a user executes a search, the search will return only VMs that are visible to that organization.
The view affects everything in the Service Portal, such as the tree, the dashboard, service requests, recommendations and searches.
The organization menu allows Service Portal users to switch their view to another organization or role. The current view is saved when the user logs out of the Service Portal.
Member of multiple organizations
Here's what the Views menu might look like for a user that's a member of multiple organizations:
Individual role and no organization membership
Users who need visibility of services across organizations, such as IT administrators, require an individual role outside of an organization.
As shown above, if you aren’t a member of any organization, then you will only have one view of all services.
Member of organizations and individual roles
When a user has both an organizational role and an individual role, they can switch between roles.
Permission to view all services in an organization
If a user has permission to view all services in an organization, they can switch between viewing their own services and the organization's services. Here's an example:
By default, the Show All Organization Services permission is only enabled for a Manager Service Portal role.
An organization that's listed with "All Organization" below it indicates that the user will see all services that are assigned to that organization. If the user chooses the organization without "All Organization" below it, their view would be limited to only the services that they own and that are visible to that organization.
If a user belongs to a parent organization, the parent organization is displayed in the drop-down menu with a icon beside it. If any organization that the user belongs to is a child of that parent organization, that parent is shown in brackets under the organization.
In the example below, the view has been switched to the "Service" parent organization. Notice that "(Service)" is listed under the "Sales" organization; this indicates that "Service" is the parent organization of "Sales".
A parent organization provides the user with a limited view for reporting purposes only. See Parent Organization view in Service Portal for more information.
Assign an organizational and individual role to a Service Portal user
For a user who needs visibility of services across organizations (such as an IT administrator), but needs visibility within an organization as well (for example, to approve service requests), you need to assign both an organizational and an individual role.
First add the user to the organization, and then assign an individual role. If you assign an individual role first and then add the user to an organization, the individual role is removed.
As shown below, [multiple] is displayed in the Role column when a user has multiple roles.
Configuration > Identity and Access
Commander Roles of Superuser and Enterprise Admin
Administrator Access Rights
To assign an individual role to a user who already has an organizational role:
- Click the Users tab, then on the Users page, select the user in the list and click Edit User.
In the Edit User dialog, the Role menu says No individual role, and the user's organizational membership and role are listed in blue text:
- Select a Service Portal role from the Role menu and click Save.