Setting User Permissions [SOLVED]

Moderator: crythias

Locked
sweeny_here
Znuny newbie
Posts: 19
Joined: 06 Jun 2011, 17:23
Znuny Version: 3.0.8
Real Name: Theo Sweeny
Company: First Clarity

Setting User Permissions [SOLVED]

Post by sweeny_here »

Hello - I wish to restrict users so that they can only reassign ticket ownership,add a note and reply to tickets.

The following configs are in place - the agent has a single role. This role is assigned to a single group. The group is assigned to a queue. There is no agent -> group mapping but this feature is enabled.

The system default permissions have been updated to include ro, move_into, create, note, owner, priority, compose, customer,forward, bounce, close, rw and they are in this order.

The Queue View has been updated to list tickets in queues for agents that have just ro permissions via config ViewAllPossibleTickets set to yes.

Any tips or pointers would be much appreciated.
Last edited by sweeny_here on 10 Aug 2011, 12:18, edited 1 time in total.
sweeny_here
Znuny newbie
Posts: 19
Joined: 06 Jun 2011, 17:23
Znuny Version: 3.0.8
Real Name: Theo Sweeny
Company: First Clarity

Re: Setting User Permissions

Post by sweeny_here »

I seem to have a found a fix. Here are config settings -

The user agent has a role. The role is linked to a group. The role to group permissions are set for ro. The agent to group permissions are set for note, owner, compose and forward.

This user agent can now add a note, reassign ownership, reply to and forward tickets.
sweeny_here
Znuny newbie
Posts: 19
Joined: 06 Jun 2011, 17:23
Znuny Version: 3.0.8
Real Name: Theo Sweeny
Company: First Clarity

Re: Setting User Permissions

Post by sweeny_here »

Okay - I've now tried to do this for many groups but it doesn't work. The user agent has access to all the functions rather than the restricted set. Here are the config settings -

The user agent has a role. The role is linked to many groups. The roles to group permissions are set for ro. The agent is linked to many groups. The agents to group permissions are set for note, owner, compose and forward. Both the role to group and agent to group mappings are using the same groups.

One would hope that the agent would now only be able to use the note, owner, compose and forward functions. Instead, the user agent can execute all permissions / functions.

Any ideas?
sweeny_here
Znuny newbie
Posts: 19
Joined: 06 Jun 2011, 17:23
Znuny Version: 3.0.8
Real Name: Theo Sweeny
Company: First Clarity

Re: Setting User Permissions

Post by sweeny_here »

Anyone with a view?
ferrosti
Znuny superhero
Posts: 723
Joined: 10 Oct 2007, 14:30
Znuny Version: 3.0
Location: Hamburg, Germany

Re: Setting User Permissions

Post by ferrosti »

Usually one would create one Group for each Queue. This way one can handle every single permission to every single Queue. Mappings from Agents to Groups should not be done.

You then set Role permissions on Groups to define what your Agent should be able to do. In this case delete your Agent to Groups permissions and set Role to Groups permissions with 'ro' on all desired Groups and add additional permissions.
It is by far more easy to administrate Groups, since you can apply multiple Groups to Agents and Roles permissions sum up.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
sweeny_here
Znuny newbie
Posts: 19
Joined: 06 Jun 2011, 17:23
Znuny Version: 3.0.8
Real Name: Theo Sweeny
Company: First Clarity

Re: Setting User Permissions

Post by sweeny_here »

Thank you for the help.

All the users permissions set within the Agent to Group function have been unticked for all users.The Agent to Group function has been disabled.

Now the permissions are set via the Agent to Role and Role to Group functions. These permissions are working as expected except for one user. Is there any way to debug the user agent which is not accepting the restricted settings?
sweeny_here
Znuny newbie
Posts: 19
Joined: 06 Jun 2011, 17:23
Znuny Version: 3.0.8
Real Name: Theo Sweeny
Company: First Clarity

Re: Setting User Permissions

Post by sweeny_here »

To resolve the issue with the user agent’s profile that wasn't playing ball with the permissions allocated to it via the Agent to Role function. The user agent's profile was set to "invalid" and each field set to xxx except for email which was renamed to something acceptable like none@mydomain.com

Next a new user agent profile was created using the old user agent’s credentials. Next the new agent is associated back to the original role. Now the permissions work as expected.
Locked