When there are multiple IT service management teams in your organisation, agents from different teams may get access to confidential data from each other. With the Restricted Group feature, you can restrict the visibility of such data.
Tickets associated with a restricted group are not visible to admins and agents outside that group, even when users have the 'Across all groups in the service desk' access level.
To ensure changes to restricted groups are not only brought to the group leader’s notice but also executed upon approval, you can enable the group leader approval option in a restricted group.
Note: You can control access to only tickets and data related to tickets using restricted groups. Access to Problems, Changes, Releases, Projects, and so on remain unaffected by this feature.This article contains the following topics:
Create restricted group
To create a restricted group:
1. Go to Admin > User Management > Agent Groups.
2. Click Create New.
3. Enter name and description in the Group Name and Group description fields.
4. Select the relevant business hours from the Business Hours dropdown.
Note: Configure the business hours conditions using the link under the Business Hours dropdown.
5. Select the relevant business function from the Business Function dropdown.
6. Enable the Restricted group toggle. If required, select the Group leader approval checkbox, and click Proceed.
7. Select the relevant option under the Agents section to add agents either as members or observers.
8. Search agents with the search option, and click Add.
Note: Each restricted group must have at least one group leader. A group leader can either be a group member or an observer. Any changes made to the group membership or configurations are notified to the group leader via email.9. To grant group leader access to an agent, click the ellipsis icon next to the agent name, then click Grant group leader access.
Note: This option is only visible if you have enabled the Restricted group setting. If required, also enable the Automatic Ticket Assignment checkbox.
10. To convert a member to observer or vice versa, click the ellipsis icon next to the agent name, then click Convert to Observer or Convert to Member.
11. Select the relevant dropdown options under the Group Automations section.
12. Click Save.
Manage restricted groups
To manage a restricted group:
1. Go to Admin > User Management > Agent Groups.
2. Click Edit next to the group you want to update.
3. Make necessary changes, and click Update.
Note: To gain more control over the changes made to a restricted group, ensure to enable the Group leader approval option.
When you have enabled the Group leader approval option, the following actions require approval from the group leader. Additionally, these actions are tracked under Admin > Account Settings > Audit Log.
Adding new agents to restricted group
Making another agent a group leader
Disabling restricted mode
Disabling group leader approval
Deleting restricted group
Whenever an admin performs the above actions on a restricted group, an approval request is sent to the group leader.
Note: In case of multiple group leaders, the approval notification is sent to all the group leaders. The action performed by the first respondent is executed, and the approval request sent to the other group leaders is canceled. Approval delegation does not apply to restricted groups.Add new agents to restricted group
(If approvals are enabled for a restricted group) When you add new agents as members or observers to a restricted group, they're not included in the group directly unless a group leader approves this action. In the meantime, the agent is marked as 'Awaiting / Pending approval'.
However, you can send reminder emails to the group leaders for approval.
Make another agent a group leader
In case a restricted group has a single group leader, you need to grant the group leader access to another agent before revoking access of the initial group leader.
Disable restricted mode
While this action requires approval from a group leader, disabling the restricted mode allows agents outside of the group (who have 'Across all groups in the service desk' authorization) to access the tickets assigned to the group.
Disable group leader approval
While this action also requires approval from a group leader, any changes to the group’s restricted status or its members does not require approval, after you disable the group leader approval option.
Delete restricted group
When a group leader approves this action, all tickets assigned to the restricted group get unassigned, and these tickets are visible to all the agents who have 'Across all groups in the service desk' authorization.
View restricted group on Dashboard
In case you are unable to view your restricted groups while creating a new Dashboard, follow these steps:
1. Go to Admin > User Management > Agent Groups.
2. Ensure you have the Admin and IT Supervisor roles assigned to you.
3. Ensure you are a member of the restricted groups you want to view.
4. Then, go to the main Dashboard page and click the ellipsis icon on the top left corner to create a new Dashboard.
5. Click New.
The New Dashboard page opens.
6. Select the Agents in group option under the Visible To section. Then, select your restricted group from the Select a group dropdown.
Important: Enabling restricted groups on an account has the following impact: - Agents and admins with access level set to 'Across all groups in the service desk' will not have access to view the tickets assigned to restricted groups. - User permissions set to 'Can see all tickets from associated departments/companies' will not have access to view the tickets assigned to restricted groups. - Assuming the identities of agents who belong to restricted groups will not be possible. - Public-facing ticket or approval pages of restricted group tickets will require authentication, and can only be viewed by authorised users.
