Access rights not understood

[Muad_Dib]

Hi all,

I want to have some agents that only have to create tickets on a queue. They can't lock tickets, change priority or another things. Just creating tickets.

So here's what I made:

• - 2 groups called "Support" and "Phone",
  - The queue is linked to the group "Support",
  - 2 roles called "Hotline" and "CallAgent",
  - Agents who can only create tickets on the queue are on the role "CallAgent",
  - Agents who have to really work on tickets are on the role "Hotline",
  - Role "CallAgent" have "ro" and "create" access to group "Support" (and "rw" on group users)
  - Role "Hotline" have "rw" access to groupe "Support" (and "rw" on group users)

But when I test with an agent who got role "CallAgent", he can lock tickets, change priority and so on... Where am I doing it wrong?

Another question: I set up "rw" access on group users so that agents are able to select clients... Is there another way to do that?

Thanks in advance

[ferrosti]

First of all have a look at the OTRS logfile. Watch the point where your agent logs in, whether the correct role is matched.
Your setup seems to be OK.

Have a look at OTRS permissions. You can define lots more permissions like move, move_into, change_owner, etc. This can be set up in the admin interface.
I have noone given permissions on "users", except for admin accounts (way higher permissions than agents!).

[davidbann]

I have noone given permissions on "users", except for admin accounts (way higher permissions than agents!).

If you have no one with "users" permissions, how are your agents able to click on the "customer" link when creating a phone or email ticket? If I don;t assign RW to all agents for the "users" group then they get a permission error when trying to link a ticket to a customer. How did you get around this?

[Muad_Dib]

I have noone given permissions on "users", except for admin accounts (way higher permissions than agents!).

If you have no one with "users" permissions, how are your agents able to click on the "customer" link when creating a phone or email ticket? If I don;t assign RW to all agents for the "users" group then they get a permission error when trying to link a ticket to a customer. How did you get around this?

I've exactly the same problem than you!

It's what I've described on the first post...

See you

[davidbann]

Regarding the "users" group being assigned to all agents - The best I can come up with is the fact that when an agent creates a new ticket, if they start typing the name of the customer user in the "from" field (for phone-tickets), then OTRS will suggest names (wait a second or two if over internet) - You don't need RW permission for the "users" group for this to work. So I have taken away all RW permission to the "users" group except for admins - This way agents cannot edit customer user data, but they can still create the tickets. The only thing is that they cannot click on the "customer" link when creating a new ticket. Not a train smash though if the input suggestions work well enough for the "from" field...

[ferrosti]

This sounds kinda weird...
Do you have a specific group entered here?: Frontend::Module###AgentTicketCustomer

Ah, just read the last post. It´s all about the creation of new customers.
We have solved this in a completely different way, since or agents are not allowed to change customer data.

Please have a look at: System::Permission
I never tried this, but if you add 'customer' as a specific permission in there you should be able to enable this on your desired groups.
Let me know if it works.

[Muad_Dib]

This sounds kinda weird...
Do you have a specific group entered here?: Frontend::Module###AgentTicketCustomer

Ah, just read the last post. It´s all about the creation of new customers.
We have solved this in a completely different way, since or agents are not allowed to change customer data.

Please have a look at: System::Permission
I never tried this, but if you add 'customer' as a specific permission in there you should be able to enable this on your desired groups.
Let me know if it works.

I've nothing specific in Frontend::Module###AgentTicketCustomer, just the default values from OTRS installation.

And I try to add 'customer' in System::Permission but it doesn't work. If I remove group 'users' for the role, they cannot click on the link "Customer" when creating a new phone ticket

[ferrosti]

You´ll then have to edit the roles permission on the desired group (roles => groups) to allow the new permission named "customer".