IBM QRadar SOAR

  • 1.  Reopen Incident

    Posted Wed July 12, 2023 12:56 PM

    Hello,

    1. Once the incident is closed, reopen incident option shouldn't be available at incident action level.

    2. The reopen incident option should only be available upon approval.

    Please suggest.



    ------------------------------
    SOAR Engineer
    ------------------------------


  • 2.  RE: Reopen Incident

    Posted Tue August 01, 2023 01:59 PM

    You can remove a role's ability to change the status of an incident, but that would include closing of the incident. You *might* be able to use an automatic rule of some kind to make closing work (based on a field change, for example), as I believe that follows system permissions and not the user's. I've not tested that. The same concept might then work for a re-open approval workflow.

    Otherwise, I'm not aware of this being possible natively.



    ------------------------------
    Jared Fagel
    Cyber Security Analyst
    ALLETE Inc.
    ------------------------------



  • 3.  RE: Reopen Incident

    Posted Tue August 01, 2023 03:15 PM

    Hi @Jared Fagel

    Thanks for the response.

    I am a bit confused; can you elaborate on the steps in detail?



    ------------------------------
    SOAR Engineer
    ------------------------------



  • 4.  RE: Reopen Incident

    Posted Wed August 02, 2023 05:43 AM

    Hi SOAR Engineer, 


    As far as I am aware, you can't remove the reopen incident option from the customer's view (one of the IBMers might be able to confirm that?). The 4 items at the bottom of the actions menu are system controlled. What you can do, however, is restrict them. So, for example, to stop a customer reopening an incident:


    1) Create a script with the following:

    if not groups.findByName("<Group name of your choice>"):
      helper.fail("You're not authorised to re-open an incident")

    The group name of your choice above just needs to be replaced with the group that can reopen an incident, either a group you already have or create within the groups of the SOAR admin.

    2) Create an automatic rule which is set to object type incident, then add a condition: select the status field and "is not equal to" closed. Then add an activity to run the script you created in step 1 above.

    Now when a customer attempts to reopen an incident, the rule will fire. If the ID they are logged on with is not in the right group, they'll get the message from the helper.fail and the incident won't be re-opened. If they are, of course, the incident will simply be re-opened.

    Hope this helps. 

    Colin  



    ------------------------------
    Colin Mattholie
    ------------------------------



  • 5.  RE: Reopen Incident

    Posted Wed August 02, 2023 01:36 PM

    Hi @Colin Mattholie

    It worked!

    Thank you!



    ------------------------------
    SOAR Engineer
    ------------------------------



  • 6.  RE: Reopen Incident

    Posted Tue August 08, 2023 02:25 PM

    Hi @Colin Mattholie

    Here is the problem with the rule condition when the Status is not equal to closed:

    While creating a new incident, the above condition contradicts and does not allow any new incident to be created.



    ------------------------------
    SOAR Engineer
    ------------------------------