ACL - Tickets are still shown when they shouldnt be

[cbruigom]

Hi There,

I have created a set of ACL's in an attempt to prevent certain agents seeing certain queues as well as the tickets in those queues, however what is happening is just the actual queue is not displayed the tickets in those queues can still be seen if clicking on queueview for example. Does anyone have any suggestions for me? My ACL is shown below.

It shows that the agent_ufs01 should only be able to see queues qUFSSubA and qUFSFeedback which is the case when selecting available queues to move into (so the match works) however all the tickets in the other queues are still viewable through the dashboard and queueview for example. How do you get the ACL to also disallow the agent to see the tickets in those queues?

Code: Select all

$Self->{TicketAcl}->{"aclUFSAgent01"} = {
  'Possible' => {
    'Ticket' => {
      'Queue' => [
        'qUFSDefault::qUFSSubA',
        'qUFSFeedback'
      ]
    }
  },
  'PossibleNot' => {
    'Ticket' => {
      'Queue' => [
        'qSales',
        'Postmaster',
        'qDemoCustomer',
        'qService',
        'qUFSDefault',
        'qUFSDefault::qUFSSubB'
      ]
    }
  },
  'Properties' => {},
  'PropertiesDatabase' => {
    'User' => {
      'UserLogin' => [
        'agent_ufs01'
      ]
    }
  },
  'StopAfterMatch' => 0
};

[Giulio Soleni]

Hi,
I am sorry but... why using a complex ACL instead of assigning your agents the correct rights to access your queues through Agents <-> Groups permissions matrix??

[Rotyn]

You got the idea of ACL completely wrong. Let me explain it in simple words:

Yes, ACL can hide queues, but only in selection fields. Means you can not select these queues, because the choice is "hidden"

No, ACL can not hide the tickets in a queue if the agent has permissions for these queues.

Simple example: you can hide the ticket action "history" for all agents by an ACL.

Code: Select all

    Possible:
      Action:
        AgentTicketHistory: '0'

What does it mean?

In the web interface this menu item "history" is no longer visible, but you can still access the history. How? Simply by a direct access via URL

..../index.pl?Action=AgentTicketHistory;TicketID=xxx

Conclusion: The access to tickets can only be controlled by roles / groups and not by ACL

[cbruigom]

Thanks for responding, the reason I was using ACL's was I wasnt aware that role/group could allow me to secure certain queues/tickets based on role/agent. Please can you give me an example of how you would achieve this as I still dont see how to do it?

I am looking to securing different queues to different roles as well as the tickets in those queues to different roles.

Thanks in advance

[crythias]

Each queue has its own group.
Each agent can be a member of multiple groups.
Tickets that are in queues that do not belong to groups which an agent is a member will not be seen by that agent.
Roles are settings for a grouping of groups.

[cbruigom]

Thanks crythias,

My missing link was the group in the queue definition - thanks for all the help guys!