Q: Restrict agent access to assigned tickets only

Moderator: crythias

Post Reply
dcotrsadmin
Znuny newbie
Posts: 5
Joined: 18 Oct 2018, 15:13
Znuny Version: 6.0.x
Company: Docucom AG

Q: Restrict agent access to assigned tickets only

Post by dcotrsadmin »

Hi. As we often work with external freelancers that need to take care of certain tickets, we are looking for a solution to restrict their access to these specific tickets. So far the only solution I found are agent queues as described here:
viewtopic.php?f=62&t=27460&p=110564
For us this is cumbersome as our freelancers change quite often and we use LDAP.

Is there a setting or add-on to restrict access of certain agent only to tickets they own?
Any other alternatives?
Help really appreciated.
christianclavet
Znuny newbie
Posts: 75
Joined: 27 Aug 2018, 13:50
Znuny Version: Community
Real Name: Christian Clavet
Company: Tact Group

Re: Q: Restrict agent access to assigned tickets only

Post by christianclavet »

Hi! There some solutions but they might involve more work from your staff...

First thing that would come to mind is create a special queue for theses types of agents (freelancers queue). But I might be wrong and have not totally understood what your looking for.

Your main agent would move the ticket in there. These agents (freelancers) would not be see anything else that what is in this queue. But you could give them access to "drop" the ticket back (no read access at all) once they complete their part.

This would mean:
A. Main agents "filter" what ticket can be worked by your freelancers and move the designated ticket in their queue.
B. The freelancers would work on those tickets. They would not be able to see the other queues tickets, but your main agents would be able to see in their queue.
C. All freelancers will see the tickets in their queue. So Freelancer A will see Freelancer B tickets.

For the LDAP, try to set the LDAP to give them a role linked to a AD group. Would be easier to manage. You would set queue groups setting in that role settings.
----------------------------------------------
OTRS Community 6.0.11
Debian 9.0

MariaDB
dcotrsadmin
Znuny newbie
Posts: 5
Joined: 18 Oct 2018, 15:13
Znuny Version: 6.0.x
Company: Docucom AG

Re: Q: Restrict agent access to assigned tickets only

Post by dcotrsadmin »

Thank you very much for your feedback.
I like the idea about the "freelance queue" in combination of an AD group "Freelancers" tied to that queue. Regarding the "not seeing" other freelancer tickets, I will try to create an ACL rule "owner = current user" which restricts access to functions like "view ticket details" "search" and so on. Then a freelancer could still see all ticket subjects in the queue/overview but not the details.
Regarding the LDAP groups I see no way to create per agent queues automatically.
I think we are getting close but a bit cumbersome ... Is there really no "easy way" to achieve this?
dcotrsadmin
Znuny newbie
Posts: 5
Joined: 18 Oct 2018, 15:13
Znuny Version: 6.0.x
Company: Docucom AG

Re: Q: Restrict agent access to assigned tickets only

Post by dcotrsadmin »

In case you have a similar requirement, here is how we limited access for external agents.

1. As suggested, we created a queue and group for external agents.
2. We defined an ACL for every external agent where certain ticket actions (zoom etc.) are only possible, when logged in user equals ticket owner.
3. We restricted the following frontend modules to internal groups only:
CIC > Frontend::Module###AgentCustomerInformationCenter
Search > Frontend::Module###AgentTicketSearch
Ticket queues > Frontend::Module###AgentTicketQueue
Ticket by service > Frontend::Module###AgentTicketService
Ticket by escalation > Frontend::Module###AgentTicketEscalationView
Ticket by status > Frontend::Module###AgentTicketStatusView
New phone ticket > Frontend::Module###AgentTicketPhone
New email ticket > Frontend::Module###AgentTicketEmail
Calendar > Frontend::Module###AgentAppointmentCalendarOverview

In this scenario our external agents can process specific tickets meanwhile our confidential customer data is protected.
Post Reply