Service Desk Administrator cannot copy the existing Change Classification to create new ones in a Multi-Tenancy Environment.

Idea created by shubhodeep_chakraborty on Jul 6, 2016
    Not planned
    Score4
    • J_W
    • peter.rose
    • NickHarvey1303253
    • SandraHills1303246

    Hi,

     

    Service Desk Administrator cannot copy the existing Change Classification to create new ones in a Multi-Tenancy Environment.

     

    When trying to copy the existing Change Classification to create new ones by multiTenant-Service Desk Administrator, getting the error "AHD03117: Your current role does not have UPDATE_GLOBAL authorization, so you cannot update public object Behavior Template bhvtpl:1163345". This issue exists in 12.5, 12.9 and 14.1.

     

    There was no issue observed when the same action was done with "singleTenant-Service Desk Administrator" in singleTenant environment.

     

    The Tenant Read Access contains Groups of that particular Tenant + Service Provider.

    The Tenant Write Access contains Groups of that particular Tenant Only.

    Update Public is set to 'NO'.

     

    With this combination, multiTenant-Service Desk Administrator is not able to copy the existing Change Classification to create new ones.

     

    IF the Tenant Write Access contains Groups of that particular Tenant + Service Provider OR Update Public is set to 'YES', multiTenant-Service Desk Administrator is able to copy the existing Change Classification to create new ones but it is not an acceptable solution as the multiTenant will get access to "PUBLIC DATA" and it will be a huge security breach.

     

    So there should be some change in the design and code where multiTenant-Service Desk Administrator is able to copy the existing Change Classification to create new ones without having "Write Access" to Public Data.

     

    Regards,

    Shubhodeep Chakraborty.