<style>p { margin: 0; }span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left:0; padding-left:5px;}blockquote blockquote{ border-color: #00bcd4; color: #00bcd4;}blockquote blockquote blockquote{ border-color: #43a047; color: #43a047;} table.grid{ border-collapse: collapse;} table.grid td, table.grid th { border: 1px solid #ddd;} .fr-fic.fr-dib{ display: block; margin: 5px auto;}.fr-fic.fr-dib.fr-fir{ text-align: right; margin: 5px 0 5px auto;}.fr-fic.fr-dib.fr-fil{ text-align: left; margin: 5px auto 5px 0;}.fr-fic.fr-dii{ float: none; margin: 5px auto;}.fr-fic.fr-dii.fr-fil{ float: left; margin: 5px auto;}.fr-fic.fr-dii.fr-fir{ float: right; margin: 5px auto;}img.fr-dib.fr-fir { margin-right: 0; text-align: right;}img.fr-dib.fr-fil { margin-left: 0; text-align: left;}img.fr-dib { margin: 5px auto; display: block; float: none;}img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC;}img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc;}img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box;}</style><style>
p {
margin: 0;
}
span.fr-emoticon.fr-emoticon-img {
background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle;
}
span.fr-emoticon {
font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0;
}
blockquote {
border-left: solid 2px #5e35b1; color: #5e35b1; margin-left: 0; padding-left: 5px;
}
blockquote blockquote {
border-color: #00bcd4; color: #00bcd4;
}
blockquote blockquote blockquote {
border-color: #43a047; color: #43a047;
}
table.grid {
border-collapse: collapse;
}
table.grid td,
table.grid th {
border: 1px solid #ddd;
}
.fr-fic.fr-dib {
display: block; margin: 5px auto;
}
.fr-fic.fr-dib.fr-fir {
text-align: right; margin: 5px 0 5px auto;
}
.fr-fic.fr-dib.fr-fil {
text-align: left; margin: 5px auto 5px 0;
}
.fr-fic.fr-dii {
float: none; margin: 5px auto;
}
.fr-fic.fr-dii.fr-fil {
float: left; margin: 5px auto;
}
.fr-fic.fr-dii.fr-fir {
float: right; margin: 5px auto;
}
img.fr-dib.fr-fir {
margin-right: 0; text-align: right;
}
img.fr-dib.fr-fil {
margin-left: 0; text-align: left;
}
img.fr-dib {
margin: 5px auto; display: block; float: none;
}
img.fr-bordered {
box-sizing: content-box; border: solid 5px #CCC;
}
img.fr-shadow {
box-shadow: 10px 10px 5px 0px #cccccc;
}
img.fr-rounded {
border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box;
}
</style><p><strong>In this guide we will cover:</strong></p><p id="isPasted"><strong>- How to Restrict access to the whole Service Catalogue</strong></p><p><strong>- Configuring Access to Service Categories</strong></p><p><strong>- Configuring access to specific services</strong></p><p><strong>- Restricting Access when a service belongs to multiple categories</strong></p><p><strong>- Restricting Access to Buttons within a Service</strong></p><p><br></p><p><br></p><p>Services within the service catalogue can be restricted to only be accessed by certain users. This is useful when you would only like certain users to be able to log/see the statuses of certain services. For example, if you would only like team leaders to be able to log new starter requests or only have people in the 'admin' team be able to request/monitor printing services. </p><p><br></p><p>Access can be restricted to the service catalogue as a whole, service categories and to specific services. When setting user access to a service you can choose against each service whether its access restrictions are inherited from the category or set uniquely for the service. User access is configured in the same way whether setting against the category or the service itself. </p><p><br></p><p><strong><span style="font-size: 14pt;">How to Restrict user access to the whole Service Catalogue</span></strong></p><p>If you would like some users to not be able to access the whole Service Catalogue you can restrict this one of two ways:</p><p><br></p><ul><li>Restrict using user permissions</li><li>Restrict access to the button on the self-service portal</li></ul><p><br></p><p><strong><span style="font-size: 12pt;">Restrict using User permissions</span></strong></p><p>Access is restricted using permissions when you would like a certain user, or a user with a particular role to not be able to access the service catalogue at all. </p><p><br></p><p>To remove a users access to the service catalogue head to their user profile > Permissions > disable 'Can access the Service Catalogue'. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFlODgxOGEyLTRlYTYtNGVkZC1hNmQ4LTViODFhODkyNmE4YyJ9.ZseWtSnOM4PMh1qky_rLRIYWlIXhmWGK0wFT_25DP9U" class="fr-fic fr-fil fr-dib" width="1030" style="width: 1032px; height: 422.182px;" height="422"></p><p><strong><span style="font-size: 10pt;">Fig 1. Permission for user to access service catalogue</span></strong></p><p><br></p><p>When this permission (against a user or role) is disabled, the user will not be able to see the 'Service catalogue' button in the portal. They will also not be able to search for services using the search functionality. </p><p><br></p><p>Restricting service access in this way is used when you have a group of users that share the same role, who you would not like to be able to access any services. </p><p><br></p><p><strong><span style="font-size: 12pt;">Restricting access to the Service Catalogue Button</span></strong></p><p>Access to services can be restricted by restricting who can see the button that takes users to the service catalogue in the portal. If users cannot see the button they cannot see or navigate to services in the portal. When restricting access to the service catalogue in this way you can restrict access based on various entities, such as organisation, customer, department, site etc. not just user roles. </p><p><br></p><p><strong><em>Note: As only button access is restricted if a user without button access obtains a link to the service in the portal they will be able to access/log the service. If you are restricting access to the service catalogue for confidentiality purposes we recommend restricting this using user permissions. </em></strong></p><p><br></p><p>To restrict access to this head to configuration > self-service portal > edit the menu button titled 'Service Catalogue', here you can set visibility restrictions for the button using the 'Visibility Restrictions' table. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImY0MGM2MzUwLTJlYzgtNGNkYS04YmEwLTM0NjJhYzVlZWNhNCJ9.4I1F9ey0mviA_RvU5pcJyE0cz7-CBIgzzpUsQCD1sjU" class="fr-fic fr-fil fr-dib" width="488" style="width: 490px; height: 485.717px;" height="486"></p><p><strong><span style="font-size: 10pt;">Fig 2. Set visibility restrictions on button</span></strong></p><p><br></p><p>When restrictions are added only users that meet the criteria in the table will be able to see the button. If you would like everyone except one customer (for example) to see the button you can add a visibility restriction to exclude this customer from seeing the button using the checkbox 'Exclude this field from this Button'. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjdlNDA4MjA4LWVjZDMtNDg2My1hYjYxLTU5ODAyOTMxOWNmMCJ9.TDptgFCtDewbFPGQlzyyjicRYe2aBWiKqxbqG3myPBg" class="fr-fic fr-fil fr-dib" width="511" style="width: 513px; height: 282.943px;" height="283"></p><p><strong><span style="font-size: 10pt;">Fig 3. Visibility restriction to exclude users with a particular field seeing a button</span></strong></p><p><br></p><p>Restricting user access to services this way will ensure they cannot access the service catalogue area in the portal but if other buttons are configured that allow them to see specific services or log particular tickets they will still be able to access these. </p><p><br></p><p>Users who do not have access to the service catalogue button will also still be able to search for services in the portal (if search bar is enabled) an access services this way. If you would not like users to be able to do this you can disable the functionality to search for services. This is disabled under Configuration > Self Service Portal.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjdhNGMwZjlkLTJkOWMtNDFkNC04ZDYwLTgzYjU0NjA5YTMzNiJ9.ZfKM9D2aG0jiGB0LYpowh189rY-AG3V88aroFxN51vg" class="fr-fic fr-fil fr-dib" width="589" style="width: 591px; height: 414.633px;" height="415"></p><p><strong><span style="font-size: 10pt;">Fig 4. Setting to allow users to search for services in the portal </span></strong></p><p><br></p><p><strong><span style="font-size: 14pt;">Configuring Access to Service Categories</span></strong></p><p>If access restrictions are set against a service category, allowed users will only be able to access the services within this category. It is important to keep in mind any restrictions set at the service category level will be passed down to (inherited by) any services within this category. Therefore, if you would not like a restriction to apply to all services in this category, the restriction will need to be set against each service it should apply to (not at the category level). </p><p><br></p><p id="isPasted">There are two ways access can be granted to a service category:</p><p><br></p><ul><li>Service access level</li><li>Set User access based on a specific entity</li></ul><p>Service access level will always need to be set, but setting access based on an entity is optional. Entity access allows you to configure more specific user access.</p><p><br></p><p>To configure service category access head to the services module and ensure you are viewing 'services by category' (set in the right hand pane) > right click on the service category you would like to configure access for, > view/edit this service category > user access tab. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjczOTFhMzI2LTJkY2ItNGNmMS1hY2NjLWNhNDRhOTVkZmE1ZiJ9.cQU13Cp6TGqVcQMzUGZNjN4LPjUJ5wgxUCM15aTFUKc" class="fr-fic fr-fil fr-dib" width="482" height="331"></p><p><strong><span style="font-size: 10pt;">Fig 5. Edit service category</span></strong></p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijg0Y2MxMmQ5LWQwM2YtNGNkZC1hNmY3LTE3YzNlMzliZmE3NyJ9.1WCSjGBEOQmY4QAx7iGyfmxiJ5bE7PcigdBEf0MDcjw" class="fr-fic fr-fil fr-dib" width="548" style="width: 550px; height: 385.522px;" height="386"></p><p><strong><span style="font-size: 10pt;">Fig 6. Service category configuration</span></strong></p><p><br></p><p>Here, you can set which users can access services within this category based on the 'service access level' the user has and based on the entity a user comes under. </p><p><br></p><p id="isPasted">Service access level will always need to be set, but setting access based on an entity is optional. Entity access allows you to configure more specific user access. </p><p><br></p><p><strong><span style="font-size: 12pt;">Setting service access level </span></strong></p><p>Access can be granted based on the user's service access level. A service access level will need to be assigned to a service category, and to each user. If the user's service access level is in line with the one against the service category, the user will be able to access the services in this category. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImVlODIwNWU3LTk1MmYtNGIwNy1hY2ZiLWIzMWY2M2JmODViYyJ9.O7qkqTREdrPmGKAIHlP4iVoHjV6pSdXkG7XeqH_kcJs" class="fr-fic fr-fil fr-dib" style="width: 972px; height: 441.231px;" width="1051" height="478"></p><p><strong><span style="font-size: 10pt;">Fig 7. User Access for a service.</span></strong></p><p><br></p><p>The service access level of a category can be changed using the 'Service access level' field against the category. </p><p><br></p><p>The service access level of a user is set against the user profile under the "Permissions" tab > General Permissions. In the Figure 8 example, the user will be able to see the service catalogue and has an access level of 2. This means they will be able to see any services categories and services within these categories with access levels of 1 or 2, but not 3.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjAxM2FjMWMzLWRhNzMtNDhkZC05Mzk3LTU2Yzc1ZTI0MzAyNCJ9.fResxSflhnPPA8oX72JuHooGDznNkHBOJOeNGBGw4Mk" class="fr-fic fr-fil fr-dib" width="220" height="127"></p><p><strong><span style="font-size: 10pt;">Fig 8. Service access level permissions.</span></strong></p><p><br></p><p>You can then further restrict who can access a service using the 'User Access' table against the service.</p><p><br></p><p><strong><span style="font-size: 12pt;">Restrict User access based on a Specific Entity </span></strong></p><p>Users can be granted/restricted access based on various entities such as their role, customer, organisation etc. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQ1MDJiYjEzLTk4N2UtNGRkMy1hOTI1LTE4NTYzMTFiZDI4OCJ9.H1HKx4AQZeI2mjkpR9kelf3IlvhnSmN2nWQuKKe-aF4" class="fr-fic fr-fil fr-dib" width="513" style="width: 515px; height: 438.202px;" height="438"></p><p><strong><span style="font-size: 10pt;">Fig 9. Restrict user access further</span></strong></p><p><br></p><p>To control which entities you can restrict user service access by, head to Configuration > Service Catalogue, see section 'Choose which entities can be used to restrict service access'.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijc0MzgwMmIwLTQxZDMtNGEyNS1iMGExLWU4NjE1OTdiMzVlMSJ9.I3MZfJEGxG57T4hZX7uP1kyKUeBhIEJvTJR3ywYaI84" class="fr-fic fr-fil fr-dib" width="1216" style="width: 1218px; height: 226.458px;" height="226"></p><p><strong><span style="font-size: 10pt;">Fig 10. Entities which can be used to restrict service access </span></strong></p><p><br></p><p>Here, check the box of each entity you would like to be able to restrict users service access by. Keep in mind the more entities you enable the longer service catalogue loading times will be, enable as few as possible for optimised performance.</p><p><br></p><p>You will notice, when adding an entry to the table, there is an option to<strong> 'Exclude this entity from this Service'</strong>. When this is enabled any users that meet the criteria set here will not be able to access the service. </p><p><br></p><p>As soon as an entry is added to a table users will have to meet the service access level criteria AND criteria in the table to be able to access a service. In the Figure 11 example only users who have service access level 2 or 3 AND are a part of the customer 'Acorn Construction' will be able to access this service category. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjdmNjdlYjMxLWExZjAtNGE1MC1hZDk3LTJmNDNjNmZiYzFhOSJ9.PuAwq-klx7E_xGyxvSU43Ij7rTfk8vpsEc2LjMoseLA" class="fr-fic fr-fil fr-dib" width="799" style="width: 801px; height: 498.49px;" height="498"></p><p><strong><span style="font-size: 10pt;">Fig 11. Service restrictions example</span></strong></p><p><br></p><p>This also applies when adding exclusion criteria to the table. If I add an entry to the table to exclude 'Acorn Construction' from this service category I will also need to add an entry to grant all other users access to this service category. This is because users are now also being checked against criteria in the table to see if they should have access.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjZlZGE4MTE3LWFkNTMtNGE5OS1hNjk2LTUwMzUyNWY1NmJiYiJ9.hDnvnK5VqZ8h8pjdxBYZg05Tl0dmAfs1iJSSPwQvSqo" class="fr-fic fr-fil fr-dib" width="854" style="width: 856px; height: 529.276px;" height="529"></p><p><strong><span style="font-size: 10pt;">Fig 12. Service restriction example two</span></strong></p><p><br></p><p>In the Figure 12 example users will need to have service access level 2 or 3 and not be in the customer 'Acorn Construction' to be able to see services in this category. If the table entry 'Everyone' is removed no one will be able to access this service as no users will meet both service level criteria and table criteria. </p><p><br></p><p><strong><em>Note: This applies to both criteria set against the service and service category.</em></strong></p><p><br></p><p><strong><span style="font-size: 14pt;">Configuring access to specific services</span></strong></p><p>In order for a user to be able to see a service in the portal, they will need to have access to the category that the service is in. For those users that have access to the category, further restrictions can be added to services within this category. </p><p><br></p><p>To configure user service access head to the services module > select a service > user access tab. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjczZGYxNjM0LWZiZmMtNDk4OS04YjhmLTQxZjlkOTJmZTdjMCJ9.lqA9JBt7Mfu8yhQevx8D0BQzZVem5zIJdvbm1t4FKJM" class="fr-fic fr-fil fr-dib" width="938" style="width: 940px; height: 575.028px;" height="575"></p><p><strong><span style="font-size: 10pt;">Fig 13. User access configuration against a service</span></strong></p><p><br></p><p>Here you will see service access is configured in the same was as it is for the service category, a 'service access level' will need to be set, with optional user access based on other entities also being able to be set. For details on how to set access here see sections 'Restrict User access based on a Specific Entity' and 'Setting service access level ' within this guide as restrictions here are set in the same way as service category restrictions. </p><p><br></p><p>When setting 'service access level' against a service you can either choose a service access level that users need to access this service, or you can set this to be 'inherited from service category'. If the service access level is set to be inherited users will need the same service access level to access this service as they do to access the category. </p><p><br></p><p>You will also notice entity access to the service is inherited. </p><p><br></p><p><strong>Inheriting access from the service category</strong></p><p>Entity access to a service will always be inherited from the service category regardless of if the 'Service Access level' against the service is set to be 'Inherit from Service Category'.</p><p><br></p><p>When an entity is granted access to a service category, any services in this category will have this user access too. This will be visible against the service itself. Any access that has been inherited from the service category will appear in the 'User Access' table as being inherited from the category. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImVjN2M3ZTQxLThlM2EtNDdkMi05MzNmLTAwODFhZWMzMjA5YiJ9.gU7mHdLQ6XqKkGYvA-IkV-2Jg2r6VH3iZLE9e9SnWWY" class="fr-fic fr-fil fr-dib" width="674" height="363"></p><p><strong><span style="font-size: 10pt;">Fig 14. Service access inherited from category</span></strong></p><p><br></p><p><strong><span style="font-size: 12pt;">User access Groups</span></strong></p><p>Groups of user access can be set for the service.</p><p><br></p><p>Access is set in the same way as outlined above, allowing you to restrict who can access a service based on a user entity, but you can now configure multiple groups of access conditions.</p><p><br></p><p><strong><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImVhNDdkOGVhLTdiNWMtNGVkMC05OGI2LTkzMDg5NDdjZjNlNSJ9.VDCXLcBlgu2lCIdsL0tEa6gctzGSGlz9SNl0YDBvXCM" class="fr-fic fr-fil fr-dib" width="936" style="width: 938px; height: 624.037px;" height="624"></strong></p><p><strong><span style="font-size: 10pt;">Fig 15. User access for service</span></strong></p><p><strong><br></strong></p><p>In order to access a service users will need to meet all the criteria within one group. In the Figure 15 example users will need to have the role 'Manager' OR be under the customer Acorn Construction AND have the role 'Communications'. This allows much more flexibility in allowing user access to a service. </p><p><strong><br></strong></p><p>When setting user access you will be prompted to select whether you would like to add individual conditions that users need to meet to access the service, or if you would like to configure a group of conditions. </p><p><br></p><p><strong><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU4ODhhMzRmLWYxYjgtNDRjNy1hZWZjLTYyMTQ3MTliZDllOSJ9.RUDk9An05aCmPptEvDG07oweK7wD1lg_PEpebTfkJcI" class="fr-fic fr-fil fr-dib" width="544" style="width: 546px; height: 255.372px;" height="255"></strong></p><p><strong><span style="font-size: 10pt;">Fig 16. Add user access criteria group </span></strong></p><p><br></p><p>If adding a group, you can give the group a name, then set what criteria needs to be met for a user to match this group. </p><p><br></p><p>You can also use access groups to exclude users who meet this criteria, that is any users who meet all the conditions within a group will not be able to access the service. To do this ensure 'Exclude this entity from this Service' is selected when setting up the group. </p><p><br></p><p>Each group will be assigned a sequence, this will determine the order conditions are checked in. </p><p><br></p><p><strong><span style="font-size: 14pt;">Restricting Access when a service belongs to multiple categories</span></strong></p><p>A service can belong to multiple service categories. As user access to a service can be inherited from the service category this has implications for how service access is granted. </p><p><br></p><p>For information on how to use and enable multiple service category assignment check out <a data-fr-linked="true" href="https://usehalo.com/haloitsm/guides/1998" id="isPasted" target="_blank" rel="noopener noreferrer">The Service Catalogue</a>.</p><p><br></p><p>When a service catalogue item is assigned to two or more service categories, access to this service will depend on the 'Service access level' set against the service. </p><p><br></p><p><strong><em>Note: User access groups can also be configured at the service category level, then set to be inherited by the service. </em></strong></p><p><br></p><p><strong><span style="font-size: 12pt;">Service access level- Inherit from service category</span></strong></p><p>If the service access level of the service is set to be 'inherit from service category' and the service belongs to two or more categories that have different user access restrictions, the highest level of access will be granted. That is, if a user has access to one service category, but not another, and a service belongs to both categories, the user will be able to access this category. </p><p><br></p><p>For example, in Figure 15 the service catalogue item '3CX' belongs to the categories 'Cloud Services' and 'Business Applications'. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImIxYjYzOWI5LTNiMWEtNGExNS1hYTM4LTgzMGEyODk3NDJlMCJ9.Xel70_Kiyb0_MjCCoPI-gwtOL267CplRW7Ri8PFW-S0" class="fr-fic fr-fil fr-dib" width="950" style="width: 952px; height: 363.946px;" height="364"></p><p><strong><span style="font-size: 10pt;">Fig 17. Service categories assigned to service</span></strong></p><p><br></p><p>User access for the service is set to be 'Inherit from service category'. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjlmNDliODI0LWZkZjktNGNhYy1iNTI3LTM5OGU3NjQ0YTY0MyJ9.L-bOiI10PDG2dMvC7SZ3mS3vVQNDTBa4MdM95tANpbY" class="fr-fic fr-fil fr-dib" width="1016" style="width: 1018px; height: 459.152px;" height="459"></p><p><strong><span style="font-size: 10pt;">Fig 18. User access for Service catalogue item</span></strong></p><p><br></p><p>You will see entity user access has been inherited from both service categories. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImYwZWYwYjE3LWI0NzQtNGQ3NC1hNGYxLTliZWI4N2FmMmIzZSJ9.YloOBmypZFnfUV6v4fmOoMaAA60LPdt0zIhmSiwkP30" class="fr-fic fr-fil fr-dib" width="587" height="339"></p><p><strong><span style="font-size: 10pt;">Fig 19a. Cloud Services service access level</span></strong></p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjQyOTc2NWQ1LWUyMGItNDU0Yi04ODk0LWM0ZTc2MDEzNTY3OCJ9.PLovbzXlM0XMuIvLy7IjwQ7duzcCrmQSTgSq7FCkL4k" class="fr-fic fr-fil fr-dib" width="611" style="width: 613px; height: 321.369px;" height="321"></p><p><strong><span style="font-size: 10pt;">Fig 19b. Business Applications service access level</span></strong></p><p><br></p><p>In this example both categories differ in the service access level users are required to have to access the service. Cloud services has services access level 3, whereas business applications has service access level 2. Therefore, users with service access level 2 or above will be able to access this service.</p><p><br></p><p><strong><span style="font-size: 12pt;">Service access level- A Set access level</span></strong></p><p>If the 'service access level' against the service is set to be a specific level, users will need to have this access level or higher to access the service, regardless of the categories the service belongs to. </p><p><br></p><p id="isPasted">For example, in Figure 18, the service catalogue item 'Acronis Cyber Cloud' belongs to the categories 'Cloud Services' and 'Business Applications'. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjNiMDhjZGJjLTNmMjgtNDczMS1iMjBmLTFmYjNlMThhN2FjMSJ9.HVrNd98sPunC27I0ZwVVaaCZDdkxsla8s4PbbFYRojg" class="fr-fic fr-fil fr-dib" width="931" style="width: 933px; height: 344.574px;" height="345"></p><p><strong><span style="font-size: 10pt;">Fig 20. Service categories assigned to the Acronis service</span></strong></p><p><br></p><p>But the service access level for this service is set to be 3. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImZlMTE4MzllLTczYjgtNGZjMC1hZDc2LWQwZmVhNmYzZjNlZCJ9.NOIGHzNpES7LEePTolk33XmbsplC8hI_mfdtzBMivkE" class="fr-fic fr-fil fr-dib" width="809" style="width: 811px; height: 519.04px;" height="519"></p><p><strong><span style="font-size: 10pt;">Fig 21. Service access level for service</span></strong></p><p><br></p><p>The user entity access for the service is still inherited from the service category, but only users with service access level 3 will be able to access this service. This will be the case regardless of the categories the service belongs to. This allows you to assign a service to various categories, but not have the access to the service determined by the categories, access can be overridden on the service itself. </p><p><br></p><p><strong><span style="font-size: 14pt;">Restricting Access to Buttons within a Service</span></strong></p><p>Multiple buttons can be configured under a service to allow users to log different requests related to this service. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjA5NDA2YTZiLWNkOTMtNDhmNi04OWFiLWZkYjhjYjM0NThlNSJ9.VFKKAt1sBPlsJhns08N9Q7OVGnD7BEhR8yRk3lT3lzk" class="fr-fic fr-fil fr-dib" width="1217" style="width: 1219px; height: 435.9px;" height="436"></p><p><strong><span style="font-size: 10pt;">Fig 22. Button configuration within a service</span></strong></p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImZiYTNlMjNlLTgzZDctNGNjZC1iODYyLTFmZjExZTYyMWQ4NSJ9.PtbAPMYs-3puJPyt7nqgdQjPqeUY1TS1_3o5m0SRQ7k" class="fr-fic fr-fil fr-dib" width="1219" style="width: 1221px; height: 413.277px;" height="413"></p><p><strong><span style="font-size: 10pt;">Fig 23. Service Buttons in the portal</span></strong></p><p><br></p><p>You can restrict which users can access each of the buttons within a service. Useful when all users use the service, but a different form is needed to be filled out based on the user that is requesting the service (e.g. where they are located). </p><p><br></p><p>Users will still need access to the service itself to be able to see any buttons within the service, so ensure the required users have access to the service first. </p><p><br></p><p>To enable the ability to restrict access to service buttons, head to Configuration > Service Catalogue, enable "Allow User access restrictions on Service request details". </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImYyZTI2MTQwLTE3ZTctNDk1OC04ZjUzLTJhMjEzMmY5NWE2NSJ9.Zgsl0B763bCmb41o4wy07itE5VCEU4ZUh5pdxzeJOgw" class="fr-fic fr-fil fr-dib" width="1213" style="width: 1215px; height: 316.528px;" height="317"></p><p><strong><span style="font-size: 10pt;">Fig 24. Allow User access restrictions on Service request details</span></strong></p><p><br></p><p>Once enabled an additional "User Access" table will become available when configuring the service buttons. This is used to control who has access to the service button. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImYxNzUyZTI2LWJlYjUtNGE0OS05YzAxLWNkODJlODAwZmJiNiJ9.cyhWdM3wQTDioOvDOdCcJH9voGIgfujg2cSr97jp33Q" class="fr-fic fr-fil fr-dib" width="556" style="width: 558px; height: 712.95px;" height="713"></p><p><strong><span style="font-size: 10pt;">Fig 25. User Access table</span></strong></p><p><br></p><p>Only users that meet the criteria in the table will be able to see the service button. When adding criteria choose the entity you would like to assign access by and which group of users you would like to have access. </p><p><br></p><p>If there are no entries in the table, no users will be able to see the button, therefore if you would like everyone to have access ensure "Everyone" is selected as the entity. </p><p><br></p><p>In the Figure 26 example, user access is set so that only users under the site "Halo Local/Florida" will be able to see this service button. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImE4YWZjMmE1LWQyMWYtNGNkMy05ZGFkLWFiOTMyYjAxMGY4NyJ9.wWCar4pqUTYoFm8R5NvYJBQ-teCQb2z5-afPRaUpOa4" class="fr-fic fr-fil fr-dib" width="550" style="width: 552px; height: 332.824px;" height="333"></p><p><strong><span style="font-size: 10pt;">Fig 26. User access restrictions to button</span></strong></p><p><br></p><p>Access criteria configured here also allows specific entities to be excluded from access, and the use of 'criteria groups'. The use of criteria groups is outlined in the earlier section "User access Groups" of this guide. </p><p><br></p><p>If a user does not have access to any service buttons within a service, they will not be able to see the service in the portal.</p>
