Hello - I wish to restrict users so that they can only reassign ticket ownership,add a note and reply to tickets.
The following configs are in place - the agent has a single role. This role is assigned to a single group. The group is assigned to a queue. There is no agent -> group mapping but this feature is enabled.
The system default permissions have been updated to include ro, move_into, create, note, owner, priority, compose, customer,forward, bounce, close, rw and they are in this order.
The Queue View has been updated to list tickets in queues for agents that have just ro permissions via config ViewAllPossibleTickets set to yes.
Any tips or pointers would be much appreciated.
Setting User Permissions [SOLVED]
Moderator: crythias
-
- Znuny newbie
- Posts: 19
- Joined: 06 Jun 2011, 17:23
- Znuny Version: 3.0.8
- Real Name: Theo Sweeny
- Company: First Clarity
Setting User Permissions [SOLVED]
Last edited by sweeny_here on 10 Aug 2011, 12:18, edited 1 time in total.
-
- Znuny newbie
- Posts: 19
- Joined: 06 Jun 2011, 17:23
- Znuny Version: 3.0.8
- Real Name: Theo Sweeny
- Company: First Clarity
Re: Setting User Permissions
I seem to have a found a fix. Here are config settings -
The user agent has a role. The role is linked to a group. The role to group permissions are set for ro. The agent to group permissions are set for note, owner, compose and forward.
This user agent can now add a note, reassign ownership, reply to and forward tickets.
The user agent has a role. The role is linked to a group. The role to group permissions are set for ro. The agent to group permissions are set for note, owner, compose and forward.
This user agent can now add a note, reassign ownership, reply to and forward tickets.
-
- Znuny newbie
- Posts: 19
- Joined: 06 Jun 2011, 17:23
- Znuny Version: 3.0.8
- Real Name: Theo Sweeny
- Company: First Clarity
Re: Setting User Permissions
Okay - I've now tried to do this for many groups but it doesn't work. The user agent has access to all the functions rather than the restricted set. Here are the config settings -
The user agent has a role. The role is linked to many groups. The roles to group permissions are set for ro. The agent is linked to many groups. The agents to group permissions are set for note, owner, compose and forward. Both the role to group and agent to group mappings are using the same groups.
One would hope that the agent would now only be able to use the note, owner, compose and forward functions. Instead, the user agent can execute all permissions / functions.
Any ideas?
The user agent has a role. The role is linked to many groups. The roles to group permissions are set for ro. The agent is linked to many groups. The agents to group permissions are set for note, owner, compose and forward. Both the role to group and agent to group mappings are using the same groups.
One would hope that the agent would now only be able to use the note, owner, compose and forward functions. Instead, the user agent can execute all permissions / functions.
Any ideas?
-
- Znuny newbie
- Posts: 19
- Joined: 06 Jun 2011, 17:23
- Znuny Version: 3.0.8
- Real Name: Theo Sweeny
- Company: First Clarity
Re: Setting User Permissions
Anyone with a view?
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: Setting User Permissions
Usually one would create one Group for each Queue. This way one can handle every single permission to every single Queue. Mappings from Agents to Groups should not be done.
You then set Role permissions on Groups to define what your Agent should be able to do. In this case delete your Agent to Groups permissions and set Role to Groups permissions with 'ro' on all desired Groups and add additional permissions.
It is by far more easy to administrate Groups, since you can apply multiple Groups to Agents and Roles permissions sum up.
You then set Role permissions on Groups to define what your Agent should be able to do. In this case delete your Agent to Groups permissions and set Role to Groups permissions with 'ro' on all desired Groups and add additional permissions.
It is by far more easy to administrate Groups, since you can apply multiple Groups to Agents and Roles permissions sum up.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
-
- Znuny newbie
- Posts: 19
- Joined: 06 Jun 2011, 17:23
- Znuny Version: 3.0.8
- Real Name: Theo Sweeny
- Company: First Clarity
Re: Setting User Permissions
Thank you for the help.
All the users permissions set within the Agent to Group function have been unticked for all users.The Agent to Group function has been disabled.
Now the permissions are set via the Agent to Role and Role to Group functions. These permissions are working as expected except for one user. Is there any way to debug the user agent which is not accepting the restricted settings?
All the users permissions set within the Agent to Group function have been unticked for all users.The Agent to Group function has been disabled.
Now the permissions are set via the Agent to Role and Role to Group functions. These permissions are working as expected except for one user. Is there any way to debug the user agent which is not accepting the restricted settings?
-
- Znuny newbie
- Posts: 19
- Joined: 06 Jun 2011, 17:23
- Znuny Version: 3.0.8
- Real Name: Theo Sweeny
- Company: First Clarity
Re: Setting User Permissions
To resolve the issue with the user agent’s profile that wasn't playing ball with the permissions allocated to it via the Agent to Role function. The user agent's profile was set to "invalid" and each field set to xxx except for email which was renamed to something acceptable like none@mydomain.com
Next a new user agent profile was created using the old user agent’s credentials. Next the new agent is associated back to the original role. Now the permissions work as expected.
Next a new user agent profile was created using the old user agent’s credentials. Next the new agent is associated back to the original role. Now the permissions work as expected.