Solved: Permission to cancel any requests

NicOla · ‎Mar 11, 2020

I’m trying to give our help desk the capability to cancel any requests raided by any user.

I permissioned them as per the admin guide (I gave them remove access on ‘Manage All Requests’ here) however they still do not have the capability to do this. Is there something I am missing?

Thanks in advance 😊

CharlesW · ‎Mar 13, 2020

It's possible that this would be an AD issue... Before going down this path, however I might suggest that you verify that the user in question is not part of multiple groups defined under "manage all requests". If the user in question is part of another group who has only view/modify permissions, then they would not have permissions, due to the most restrictive permission model in App Portal.

View solution in original post

jdempsey · ‎Mar 11, 2020

Is the issue that they can't see the Cancel option under My Requests? Or is the issue that they see the Cancel option but clicking it doesn't work? The privileges you've granted should be sufficient to do what you're trying to do. If the issue is that they can't see the Cancel option, there are a couple things to check:

Site Management > Settings > Web Site > Catalog Behavior has a setting called Allow users to cancel own requests. Make sure this setting is enabled or only Site Admins will be able to cancel requests.
Has the request already completed successfully (only relevant if you're trying to clean up old requests through the UI or if you're trying to simulate an uninstall of a general catalog item using an On Cancel event action)? If so, that same page above has a setting called Allow user to cancel a request if it is successful. Enabling this option will show the Cancel button for completed requests.
There is a point at which a request can no longer be canceled by a general user (to be transparent, I'm not sure exactly when that is - perhaps once the request has been approved?). Once the request hits that point, you won't see the Cancel option unless you are a Site Admin or until the request has been completed successfully and you've enabled the setting in #2 above.

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".

NicOla · ‎Mar 12, 2020

Hi,

The issue is that they can't see the Cancel option under My Requests. The now have the ability to reassign approvals (thanks to the reply from last week) - the final piece for out Help Desk team is to enable them to cancel any in-flight/new request.

I just enabled 'Allow users to cancel own requests', and saved. I then created a new test request after saving that - but my Help Desk tester can still not see the Cancel option (I can see it, and it has just been raised so I'm sure it have not gone beyond the point on no-cancel allowed).

Is there anything else I should be looking at?

CharlesW · ‎Mar 13, 2020

I looked at the conditions on the cancel action.. This will be exposed in one of the following three scenarios:

1. User is a full admin.

OR

2. User has "Remove" permissions under catalog security->Manage all Requests. (modify is not sufficient)

OR

3. "Allow users to cancel own requests" setting is enabled. This will allow a user to cancel their own requests (those made against their logged in user account or device).

jdempsey · ‎Mar 13, 2020

Thanks, Charlie. That was my understanding/expectation as well; however, in this case, it sounds like the Manage All Requests>Remove permission has been granted and the Allow users to cancel own requests setting has now been enabled, but it still isn't working. Any suggestions on what to check? Would there be something in the AD or user logs to indicate why this permission might not be working for users that are not full admins but have the Manage All Requests>Remove permission?

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".

CharlesW · ‎Mar 13, 2020

It's possible that this would be an AD issue... Before going down this path, however I might suggest that you verify that the user in question is not part of multiple groups defined under "manage all requests". If the user in question is part of another group who has only view/modify permissions, then they would not have permissions, due to the most restrictive permission model in App Portal.

NicOla · ‎Mar 15, 2020

Thanks Jim/Charles

The user is in about group that has read only access under 'Manage All Requests'. I thought the issue where a user inherits the lowest permission set was resolved after version 2019R1, but i never checked that.

I'll use a test account which is not in any other permissioned groups and let you know what happens..... Cheers

NicOla · ‎Mar 17, 2020

Thanks - it seems that the issue was due to the restrictive permission model. I edited the permissions of the group my test user was in .... and all is working now, she can cancel requests submitted by other users.

Many many thanks for helping me with this.