10.11.1. Data Segregation with Location Scope¶
We have implemented location based data segregation for organizations with diverse geographical presence; it is achieved using location scoping. Data in the ITSM tool is segregated for technicians and requesters based on location; for example, London office technicians will support that office’s requesters and authorized to see that location’s data.
10.11.1.1. Few Use Cases for Location Scope¶
A ticket filed in a particular office will be visible to the technicians assigned to that office. A ticket must carry location information for location scope to work. Such segregation speeds up the service delivery process.
Achieve security through obscurity. You can define access authorization using location. A technician assigned to a particular location will see data of that location only.
Manage large amount of tickets through segregation based on location. A technician assigned to a location will able to see tickets of his/her location.
Achieve separate automated workflows for different locations using location scoping.
10.11.1.2. Scope of Location Segregation¶
Following objects comes within the scope of location based segregation (i.e. Data accessed by location):
Incident
Problem
Change
Asset
Report
Project
Technician***
Requester***
***Technician: Location scope is applicable on technicians who has a location defined. Technicians with All Location can view all data.
***Requester: Technicians can view requesters of his/her location. But requesters with unassigned location are visible to technicians of all locations.
10.11.1.3. Implementing Location Scope¶
Location scope is used to filter data for technicians. So the starting point for location scoping is to define locations. Learn how to define locations.
Once the locations are defined, it’s time to assign requesters and technicians to a particular location. You can add a location when creating a technician and requester, or add the location details later.
Note
Super admin has all location permission by default.
Note
An admin can assign multiple locations to a technician/requester.
Note
A technician can have All location as the permission, where he/she has access to data of all locations. In case of a requester, the unassigned permission makes the requester visible to all technician regardless of location.
Note
In case Authorized Location field is kept empty, it’s treated as All/Unassigned location permission.
10.11.1.4. Location Scope Behavior¶
10.11.1.4.1. Location Scope in Service Desk¶
A technician assigned to the location London can view tickets generated by the requesters of the London office or belong to the location London. Same is true when multiple locations are assigned to a technician.
Note
A ticket with no location data will be visible to technicians of all locations.
Technician can view other technicians and requesters of locations of which he/she has permissions. Requesters with Unassigned location are visible to all technicians regardless of location.
A technician with the All location permission can view tickets, technicians and requesters of all locations.
A technician can view all system groups, but the visibility of the group members is restricted by location.
The system location list is also restricted and shows only allowed locations.
A user can have different location permissions as a technician and requester.
In case a technician (with all location permission) tries to change the location of a ticket, the system will throw an error if there is an assigned technician, with location restrictions, to the ticket or a task, or both.
You can compulsory implement location based segregation using Custom Rule.
Auto-assignment considers the location of the ticket and technicians when performing an assignment.
10.11.1.4.2. Location Scope in Asset Management¶
Assets in the CMDB carry location information, and come within the scope of location. A technician assigned to a particular location can view CI’s and data of the that location just like service tickets.
Asset can be added in system in following ways and these are behavior:
Manual: Like any other objects, it comes within the scope of location wise segregation.
CSV Import: If location data is present, then it comes within the scope of location wise segregation.
Automatic Discovery (Agent and Agent-less): An asset is assigned to a location when discovered based on IP.
10.11.1.4.3. Location Scope in Report¶
A user with All location permission can create a report and share the same with all other technicians. When people with specific location permission try to create a report, the location filter is automatically applied with regards to technician list.
Related Topics: Create a Report, Sharing a Report.
10.11.1.4.4. Location Scope for Approval¶
An approver of an approval won’t be able to see the approval (in the technician portal) if the ticket/CI (for which the approval has been sought) has a location which he/she is not assigned. As an requester (logged into the requester portal), he/she can view the approval and other approvals of all locations.
10.11.1.4.5. Location Specific Options in Admin¶
A user can find location specific options in Admin >> Preference (under Users). Here one would find the following options:
Allow Requesters to Report a Request with Location: Enabling this option allows requesters (only) to choose a location other than his/her own location when creating a Request from the Requesters portal.
Relate Topic: Creating a Request from Requester Portal
Auto Identify Location of the Asset: If this option is enabled then an asset is automatically assigned to a location based on the Network.
The assignment happens during a discovery of an asset by both agent-based and agent-less method. The location is assigned from the Network List; if a discovered asset has an IP that falls in a Network with an assigned location, then the location is inherited by the asset as well.
Note
Location details can’t be fetched from a Domain Network.