We have a form managers used to submit as a ticket but now HR is asking if we can restrict that specific incident form (catalog item) so that way only HR can access it and submit it as a ticket? Thanks!
Role scopes and categories...?
I created a support ticket and got the answer. I guess it lies in creating a new role with specific values so that way one role isn't restricted, and the other is. It won't prevent them from seeing it, but it will prevent them from submitting the form.
You can also restrict folks from seeing it, too. There is more you can do in your role scoping on the normal requesters to prevent them from even seeing a Human Resources Service Catalog item.
Permission: Manage Incidents (first entry)
Restriction: Read Incidents: Scope: Category: HR Helpdesk
The role permissions are processed in order from top to bottom. The above permission/restriction pair would allow the role holder to manage all incidents but not read (and thereby not see/update/manage) HR incidents.
You could also add this after the above:
Permission: Update Incidents: Scope: Requester: --Requester--
Permission: Create Incidents: Scope: Requester: --Requester--
Which would allow the role holder to see and update tickets they themselves created.
I discovered this through research, trial and error, and trying things.