Management of users, permissions, groups

Users and groups

One of the most important characteristics of Pandora ITSM is the possibility of working with different groups of users and that it allows access and visualization of independent elements, so that each group only visualizes its information and elements, the content being invisible. from the other groups. These user groups can be different departments, customers, or companies. This feature is generally known as a Multitenant environment.

The permissions structure is based on three concepts:

  • Group (Group): Set of users with visibility between them, a group can be translated as “department”, “client” or “company”, depending on the context of use of Pandora ITSM and the way of working desired.
  • Profile (Profile): Permission level. Define a series of privileges, such as: access to the agenda, having access to create tickets, or being a project manager.
  • User ID (User): Identifier to access the tool. Users will have associated one or more combinations of profile plus group, defining the level of privileges they will have and for which group, being able to be, for example, project manager in one group and ticket operator in another. To edit users, a user with permissions can access the user manager through the menu PeopleUser management.

Here you can edit (click on the corresponding User ID), delete (Delete column, trash can icon) or add a new user (Create) in a form similar to the following:

In Custom screen you can choose the dashboard that the user will see when logging in. See “Dashboards Administration” for more information.

Optionally, you can assign a company (Company), which is important from the profile point of view, since in certain sections of the application the level of access will also take into account which company a user belongs to. Pandora ITSM brings default data for testing but you must first create your own companies in the customer management section (“CRM customer management”) .

Some user characteristics are, for example, activation (if the user is active or not) or if the user is logged in (interactive access to the console). Some users only have access by email (email) for incident management.

Edited by the user himself

Once a user has been registered, the user himself can modify his own data through the People → Edit my user menu (or through the direct access located in the header, right next to the close session button ) and also know your API key by means of a QR code, which also contains name, phone, etc.

User Types

Closely related to the groups and profiles, are the types of user. In Pandora ITSM there are four types of users:

  • Grouped only by company: This is like a normal grouped user, but can only see tickets from users in the same company and group.
  • Grouped user: Privilege level based on their groups and profiles. They can only access, view and/or modify the information of each assigned group according to the profile they have defined.
  • Standalone user: They can only access the sections: Tickets and Wiki. In the Tickets section they can only see their own tickets. They are often used to offer support services to potentially large customer groups.
  • Super administrator: Full access and privileges over all sections and groups of the tool.

Profiles and users

This system allows specifying what access privileges are given to each user in the different sections of Pandora ITSM .

In the definition of a user, at the end, there is the group and profile association:

Profiles are a set of access bits that define what operations a user can perform.

In each section or function (tickets, baseknowledge, downloads, CRM, inventory, Wiki…) these access bits are used differently in combination with elements such as groups or with access definitions specific to each tool. For example, in downloads, the access definition associates groups with something called categories, while in CRM access management does not use groups but companies, and which companies are linked to each other.

Profiles can be managed from the PeopleProfile management menu (PeopleProfile Management) on a screen similar to this one:

Each profile has a series of access bits and is identified by a name:

Access Bits

The profiles are configured through flags or access flags.

Projects

See projectAllows you to see the information of the projects in which you are assigned.
Manage projectAllows you to create and modify project groups.

The Project Manager Role can perform any operation on projects to which they are assigned that role, as well as on project tasks. Additionally, users with this role will be able to delete projects.

Project Owner: Has the same permissions as the project manager.

Administrator User: You can perform all the above actions in any project or task without restrictions (according to their availability in the interface).

In the project ACL system, subtasks inherit the permissions of the parent tasks. That is, if a user can modify the parent task, she can also modify the child task.

Incidents / Tickets

View tickets In which the user is the creator. In which the user is the editor. In which the user wrote some workunit .
Edit tickets Allows you to create new tickets and edit existing ones (for example, change the group, change the status, assign to another user, etc.). The edition will only be available to the user who owns the ticket.
Manage tickets Allows: Delete tickets, Manage incident types and Manage SLA.

Ticket escalation

Group AssignmentAllows you to assign tickets to a group that you do not have access to.

Quality Control

Quality AssuranceAllows you to view QA reports and reviews of closed tickets.

Knowledgebase

View KBAllows you to view the Knowledge Base (KB) articles.
Edit KBAllows you to create and edit Knowledge Base articles.
KB ManagementAllows you to delete articles from the Knowledge Base.

Downloads / Directories

View filesAllows you to view the files uploaded to Pandora ITSM .
Edit filesAllows you to upload files and update existing ones.
File managementAllows you to delete the files stored in Pandora ITSM

Inventory

See inventory In which the user is the owner. In those that are public. If you have an associated company, by the users assigned to that company. Whether it is associated with the user specifically.
Edit Inventory Allows you to create new inventory items and edit existing ones (according to the permissions above).
Manage inventory Allows operations such as: Delete inventory objects to which you have access. Manage types of inventory objects.

Reports

View reportsAllows you to view the reports and their data.
Edit reportsAllows you to create, modify and delete reports, as well as define templates and schedules.

Wiki

Wiki read and write permissions are defined on each Wiki page. By default all pages are accessible and editable by all users. You can see how to modify these permissions in the Wiki Read/Write Permissions section.

View WikiAllows you to view the Wiki
Edit WikiAllows you to edit and create Wiki pages
Wiki ManagementAllows you to modify, delete and assign users to the Wiki

CRM

The CRM (Customer relationship management or Customer Relationship Management or Administration) has a particular way of working, where groups are not taken into account, only the company to which the user belongs and the profiles they have in any of the groups. The main method of access restriction will be the parent/child relationship between companies. So if you have access to a company, you have access to all “child” companies. Except the external user who only sees his own. That is, just seeia those of his company and the daughters (and granddaughters, etc.) of his company.

Companies

View CRM It allows you to see the information of the companies to which you have access. A user has access to a company if he is associated with it, is the owner, or if this company is the daughter of another to which the user has access. The permissions of the parent companies are inherited, that is, if a user can modify the parent company, they can also modify the child company. Independent user: Has access only to the company that is associated with it.
Edit CRMAllows you to create and edit the companies you have access to.
CRM ManagementAllows you to modify or delete companies to which you have access.

Invoices

See invoicesAllows you to see invoices (invoices) of the companies to which you have access.
Edit invoicesAllows you to create and modify company invoices to which you have access.
Invoice managementAllows you to delete invoices from the companies to which you have access.

Leads

Pandora ITSM allows the management and administration of sales leads (business lead or people in charge of business with companies).

See leads Allows you to see leads associated with companies to which you have access or leads that are not associated with anyone.
Edit leads Allows you to create and modify the leads to which you have access.
Lead management Allows you to modify leads to which you have access even if they are not your own.

Calendar

Read AgendaAllows you to view the information in the Agenda. You can see your own items and those of other users depending on how these events have been configured (by group, public, etc).
Edit AgendaAllows you to add and edit items to the Agenda based on their visibility.
Manage AgendaAllows you to delete items from the Agenda, including those from third parties to which you have viewing rights.

Administration of Pandora ITSM

Special access flags that refer to the administration of the application.

User managementAllows you to create, edit and manage user profiles.
Database ManagementAccess to the database console and execution of SQL queries.
Pandora ITSM ManagementAccess to the configuration and administrative options of the program.

Human Resources

Human ResourcesAllows you to edit or delete work units assigned to special tasks (vacations, leaves, etc.).

User Import

Through this section, to which only system administrators have access, new users can be massively incorporated into the system. It is based on importing a CSV file with a specific format. A CSV file stores tabular data (numbers and text) in plain text format. The columns are separated by commas:

  • id_user
  • password
  • real_name
  • email
  • telephone
  • description
  • avatar
  • disabled
  • id_company
  • num_employee
  • enable_login
  • Custom fields.

The custom fields must previously exist in the Pandora ITSM system and must be indicated in order, being able to choose a value, or if you do not want to give them a value, a blank space .

Example:

user,pass_user,albert,[email protected],12345678,This is a new user,people_1,0,3,222,1,PITSM,20

Other fields will be automatically associated according to the values of the creation form (menu PeopleImport users from csv):

  • Group (group).
  • Profiles (profile).
  • Global profile (standard user or external user).
  • Enable policy password (policy to force password according to security level).
  • Avatar (profile image).

Custom User Fields

An unlimited number of custom user fields can be defined to tailor the application to the organization. Only an administrator can define custom fields, to do this go to PeopleUser fields.

You can define fields of type yes/no (on/off), descriptions, values to choose from a selector and others.

Group Management

Group management is only visible to users with a user management profile. Tickets will always be associated to a group.

It is possible to define a default user in the groups to whom the tickets will be assigned when a new ticket is added to that group. The user can then transfer (“escalate”) the tickets to anyone within the group, although the user must be configured with the necessary permissions to do so.

From the People menu → Groups Management (section PeopleManage groups) you can add, edit and delete groups.

Clicking on the name of any group will access its editing form. By clicking on the Create button you will be able to add new groups whose fields are similar to the editing ones:

  • Forced email: Enables or disables the sending of tickets to the group of users entered in the email group.
  • Parent: Group in which you are included as a child.
  • Default user: This user will be assigned by default for tickets created in this group. You must type at least two letters in the search field to be able to choose from a list of matching users.
  • Icon (Icon): Image of the group, by selecting one from the list you will get a preview of it.
  • Send customer satisfaction email: Option to send an email to learn about customer satisfaction.
  • Open ticket limit: For grouped users, it is the maximum number of simultaneous open tickets of a group in the last year. For external users, it is the maximum number of simultaneous open tickets by that user.
  • Enforced open tickets limit: It will prevent the creation of new tickets when the open tickets limit is reached. If it is not forced, it only shows an informational window that the limit has been exceeded.
  • Total ticket limit: For grouped users, it is the maximum number of tickets in a group in the last year, regardless of their status (both open and closed tickets will be counted). For external users it will work in the same way but they will be counted individually, having their own for each external user and group. In both cases, it is restrictive, so new tickets cannot be created for this group once the limit is reached.
  • Ticket SLA: Monitoring of the level of compliance (in English Service-level Agreement or SLA) used in the tickets of this group.
  • Default inventory object: Object associated by default to the new tickets of this group (optional).
  • Email from: Email address that will appear as the origin of the notification. If you need users to be able to reply to this email, this address must be an alias of the address configured in Pandora ITSM to receive the messages.
  • Group email: Email addresses associated with the group. Notifications will be sent to these addresses when there are changes to the tickets in the group (if there are multiple, you must separate them from each other by commas , ).

Email queue management by groups

They are used for the creation and management of tickets by email. To be able to use this functionality, it is necessary to have an email account configured in the Mail settings section, in the general configuration of the console (SetupSetupEmail setup ). Pandora ITSM will use this account to download mail from a mailbox and to be able to work with new tickets sent to the support email account.

Using a group mail queue you can have a ticket created in the support system. In addition, depending on the destination address of that email, it may go to one group or another and even automatically create an account in the system for the person who sent that email.

Since Pandora ITSM can only use one email account to download (POP3 or IMAP technologies), you will have to use ALIAS on your mail server to be able to differentiate who creates the ticket.

Back to Pandora ITSM Documentation Index