Management of users, permissions, groups

Users and groups

One of the most important features of Pandora ITSM is the possibility of working with different groups of users and that it allows access and display of separate elements, so that each group only sees its information and items, the content being invisible for the other groups. These user groups may be different departments, customers, or companies. This feature is generally known as a Multitenant environment.

The permissions structure is based on three concepts:

  • Group: Set of users with visibility between them. A group may be translated as “department”, “client” or “company”, depending on the context of use of Pandora ITSM and the desired way of working.
  • Profile (Profile): Permission level. Define a series of privileges, such as: access to the agenda, having access to create tickets, or being a project manager.
  • User ID: Unique name or keyword to log in to Web Console.

Users will have one or more combinations of profile plus group associated, defining the level of privileges they will have and for which group, being able to be, for example, project manager in one group and ticket operator in another. To edit users, a user with permissions may access the user manager through the menu PeopleUser management.

  • To edit click on the corresponding User ID.
  • To delete use the selection column in each item and then press Delete selected (or with Delete user at column Actions)
  • Para añadir un usuario nuevo (Create user).

Some user characteristics are, for example, activation (whether the user is active or not) or whether the user has login (interactive access to the console). Some users only have e-mail access for incident management.

In Custom screen, you may choose the dashboard that the user will see when logging in. See “Dashboard Management” for more information.

Optionally, you may assign a Company, which is important from the profile point of view, since in certain sections of the application the level of access will also take into account which company users belong to. Pandora ITSM brings default data for testing but you must first create your own companies in the customer management section (CRM customer management).

Edited by users themselves

Once users sign up, they themselves may modify their own data through the People → Edit my user menu (or through the direct access located in the header, right next to the close session button) and also know your API key by means of a QR code, which also contains name, phone, etc.

User Types

Closely related to the groups and profiles, are the types of user. In Pandora ITSM there are four types of users:

  • Grouped only by company: This is like a normal grouped user, but may only see tickets from users in the same company and group.
  • Grouped user: Privilege level based on their groups and profiles. They may only access, view and/or modify the information of each assigned group according to the profile they have defined.
  • Standalone user: They may only access sections: Tickets and Wiki. In the Tickets section, they may only see their own tickets. They are often used to offer support services to potentially large customer groups.
  • Super administrator (superadmin): Full access and privileges over all sections and tool groups.

User Administrators

User administrators are the only ones that may create or delet users wthin the system. For that they should have UM permissions in the assigned profile or either be superadmin.

Pandora ITSM keeps tabs on the number of user administrators, since it must be equal or lower to the one set by the license. If at any time the number were exceeded, a warning message will appear and a notification in the system inbox:

In the user list you may see which user admins have Web Console login disabled:

In this kind of situation you may of course extend Pandora ITSM license.

Profiles and users

This system allows specifying what access privileges are given to each user in the different sections of Pandora ITSM.

In user definition, at the end, there is the group and profile association:

Profiles are a set of access bits (permissions) that define what operations a user may perform.

In each section or function (tickets, base-knowledge, downloads, CRM, inventory, Wiki…) these access bits are used differently combined with elements, such as groups, or with access definitions specific to each tool. For example, in downloads, the access definition associates groups with something called categories, while in CRM, access management does not use groups but companies, and which companies are linked to each other.

Profiles can be managed from the People → Profile management menu. Each profile has a set of access bits and is identified with a name and a 2 or 3 letter abbreviation. Profiles are configured using access flags.

Projects

See project (PR)It allows you to see the information of the projects in which you are assigned.
Manage project (PM)It allows you to create and modify project groups.

The Project Manager Role may perform any operation on projects to which they are assigned that role, as well as on project tasks. Additionally, users with this role will be able to delete projects.

Project Owner: They have the same permissions as the project manager.

Administrator User: You may perform all the above actions in any project or task without restrictions (according to their availability in the interface).

In the project ACL system, subtasks inherit the permissions of the parent tasks. That is, if a user may modify the parent task, they may also modify the child task.

Incidents / Tickets

View tickets (IR)In which the user is the creator.
In which the user is the editor.
In which the user wrote some workunit.
Edit tickets (IW)It allows you to create new tickets and edit existing ones (for example, change the group, change the status, assign to another user, etc.). Editing will only be available to the user who owns the ticket.
Manage tickets (IM)It allows to: Delete tickets, Manage incident types and Manage SLA.
Close tickets without to be owner (IC)

Ticket escalation

Group Assignment (SI)It allows you to assign tickets to a group that you do not have access to.

Quality Control

Quality Assurance (QA)It allows you to view QA reports and reviews of closed tickets.

Knowledgebase

View KB (KR)It allows you to view Knowledge Base (KB) items.
Edit KB (KW)It allows you to create and edit Knowledge Base items.
KB Management (KM)It allows you to delete items from the Knowledge Base.

Downloads / Directories

View files (FRR)It allows you to view the files uploaded to Pandora ITSM .
Edit files (FRW)It allows you to upload files and update existing ones.
File management (FRM)It allows you to delete the files stored in Pandora ITSM

Inventory

See inventory (vr)In which the user is the owner.
In those that are public.
If you have an associated company, by the users assigned to that company.
Whether it is associated with the user specifically.
Edit Inventory (VW)It allows you to create new inventory items and edit existing ones (according to the permissions above).
Manage inventory (vm)It allows operations such as: Delete inventory items to which you have access. Manage types of inventory items.

Reports

View reports (RR)It allows you to see reports and their data.
Edit reports (RM)It allows you to create, modify and delete reports, as well as define templates and schedules.

Wiki

Wiki read and write permissions are defined on each Wiki page. All pages are accessible and editable by all users by default. You may see how to modify these permissions in the Wiki Read/Write Permissions section.

View Wiki (WR)It allows you to view the Wiki
Edit Wiki (WW)It allows you to edit and create Wiki pages
Wiki Management (WM)It allows you to modify, delete and assign users to the Wiki

CRM

CRM (Customer relationship management or Customer Relationship Management or Administration) has a particular way of working, where groups are not taken into account, only the company to which the user belongs and the profiles they have in any of the groups.

The main method of access restriction will be the parent/child relationship between companies. So that if a user has access to a company, he/she has access to all the “child” companies (except the external user, who only sees what belongs to him/her).

Companies

View CRM (CR)It allows you to see the information of the companies to which you have access. Users have access to a company if they are associated with it, they are the owner, or if the company is the child company of another to which users have access. Parent company permissions are inherited, that is, if a user may modify the parent company, they may also modify the child company.
Separate user: they have access only to the company that is associated with it.
Edit CRM (CW)It allows you to create and edit the companies you have access to.
CRM Management (CM)It allows you to modify or delete companies to which you have access.

Invoices

See invoices (CIR)It allows you to see invoices of the companies to which you have access.
Edit invoices (CIW)It allows you to create and modify company invoices to which you have access.
Invoice management (CIM)It allows you to delete invoices from the companies to which you have access.

Leads

Pandora ITSM allows sales lead management (business lead or people in charge of business with companies).

See leads (CLR)It allows you to see leads associated with companies to which you have access or leads that are not associated with anyone.
Edit leads (CLW)It allows you to create and modify the leads to which you have access.
Lead management (CLM)It allows you to modify leads to which you have access, even if they are not your own.

Calendar

Read Agenda (AR)It allows you to see the information in the Agenda. You may see your own items and those of other users depending on how these events were configured (by group, public, etc).
Edit Agenda (AW)It allows you to add and edit items to the Agenda based on their visibility.
Manage Agenda (AM)It allows you to delete items from the Agenda, including those from third parties to which you have viewing rights.

Administration of Pandora ITSM

Special access flags that refer to application management.

User management (UM)It allows you to create, edit and manage user profiles.
Database Management (DM)Access to the database console and execution of SQL queries.
Pandora ITSM Management (FM)Access to the configuration and administrative options of the program.

Human Resources

Human Resources (HR)It allows you to edit or delete work units assigned to special tasks (vacations, leaves, etc.).

User Import

Through this section, to which only system administrators have access, new users may be massively incorporated into the system. It is based on importing a CSV file with a specific format. A CSV file stores tabular data (numbers and text) in plain text format. Columns are separated by commas:

  • id_user
  • password
  • real_name
  • email
  • telephone
  • description
  • avatar
  • disabled
  • id_company
  • num_employee
  • enable_login
  • Custom fields.

Custom fields must previously exist in Pandora ITSM system and must be indicated in order, being able to choose a value, or if you do not want to give them a value, a blank space.

Other fields will be automatically associated according to the values of the creation form (menu People → Import users from CSV):

  • Group.
  • Profiles.
  • Global profile (standard user or external user).
  • Enable policy password (policy to force password according to security level).
  • Avatar (profile image).

Custom User Fields

An unlimited number of custom user fields can be defined to tailor the application to the organization. Only an administrator can define custom fields, to do so go to People → User fields.

You can define yes/no fields (ON/OFF), descriptions, values to choose from a selector and others. If Show in search is enabled the custom field will be displayed in the user filter with a text box (in this field the search is case sensitive).

Group Management

Group management is only visible to users with a user management profile. Tickets will always be associated to a group.

It is possible to define a default user in the groups to whom the tickets will be assigned when a new ticket is added to that group. Users may then transfer (“escalate”) tickets to anyone within the group, although users must be configured with the necessary permissions to do so.

From the People menu → Groups Management (section PeopleManage groups) you may add, edit and delete groups.

Clicking on the name of any group will access its editing form. By clicking Create, you will be able to add new groups whose fields are similar to the editing ones:

  • Forced email: It enables or disables ticket forwarding to the group of users entered in the email group.
  • Parent: Group in which you are included as a child.
  • Default user: This user will be assigned by default for tickets created in this group. Type in at least two letters in the search field to be able to choose from a list of matching users.
  • Icon: Image of the group, by selecting one from the list you will get its preview.
  • Send customer satisfaction email: Option to send an email to learn about customer satisfaction.
  • Open ticket limit: For grouped users, it is the maximum number of simultaneous open tickets of a group in the last year. For external users, it is the maximum number of simultaneous open tickets by that user.
  • Enforced open tickets limit: It will prevent creating new tickets when the open tickets limit is reached. If it is not forced, it only shows an informational window about the limit being exceeded.
  • Total ticket limit: For grouped users, it is the maximum number of tickets in a group in the last year, regardless of their status (both open and closed tickets will be counted). For external users, it will work in the same way but they will be counted individually, having their own for each external user and group. In both cases, it is restrictive, so new tickets cannot be created for this group once the limit is reached.
  • Ticket SLA: Monitoring the level of compliance (in English Service-level Agreement or SLA) used in the tickets of this group.
  • Default inventory item: Item associated by default to the new tickets of this group (optional).
  • Email from: Email address that will appear as the source of the notification. If you need users to be able to reply to this email, this address must be an alias of the address configured in Pandora ITSM to receive messages.
  • Group email: Email addresses associated with the group. Notifications will be sent to these addresses when there are changes to the tickets in the group (if there are multiple, separate them from each other by commas ,).

Email queue management by groups

They are used for ticket creation and management by email. To be able to use this feature, it is necessary to have an email account configured in the Mail settings section, in the general configuration of the console (SetupSetupEmail setup ). Pandora ITSM will use this account to download mail from a mailbox and to be able to work with new tickets sent to the support email account.

Using a group mail queue you may have a ticket created in the support system. In addition, depending on the target address of that email, it may go to one group or another and even automatically create an account in the system for the person who sent that email.

Since Pandora ITSM can only use one email account to download (POP3 or IMAP technologies), you will have to use ALIAS on your mail server to be able to differentiate who created the ticket.

Back to Pandora ITSM Documentation Index