Hi. As we often work with external freelancers that need to take care of certain tickets, we are looking for a solution to restrict their access to these specific tickets. So far the only solution I found are agent queues as described here:
viewtopic.php?f=62&t=27460&p=110564
For us this is cumbersome as our freelancers change quite often and we use LDAP.
Is there a setting or add-on to restrict access of certain agent only to tickets they own?
Any other alternatives?
Help really appreciated.
Q: Restrict agent access to assigned tickets only
Moderator: crythias
-
- Znuny newbie
- Posts: 5
- Joined: 18 Oct 2018, 15:13
- Znuny Version: 6.0.x
- Company: Docucom AG
-
- Znuny newbie
- Posts: 75
- Joined: 27 Aug 2018, 13:50
- Znuny Version: Community
- Real Name: Christian Clavet
- Company: Tact Group
Re: Q: Restrict agent access to assigned tickets only
Hi! There some solutions but they might involve more work from your staff...
First thing that would come to mind is create a special queue for theses types of agents (freelancers queue). But I might be wrong and have not totally understood what your looking for.
Your main agent would move the ticket in there. These agents (freelancers) would not be see anything else that what is in this queue. But you could give them access to "drop" the ticket back (no read access at all) once they complete their part.
This would mean:
A. Main agents "filter" what ticket can be worked by your freelancers and move the designated ticket in their queue.
B. The freelancers would work on those tickets. They would not be able to see the other queues tickets, but your main agents would be able to see in their queue.
C. All freelancers will see the tickets in their queue. So Freelancer A will see Freelancer B tickets.
For the LDAP, try to set the LDAP to give them a role linked to a AD group. Would be easier to manage. You would set queue groups setting in that role settings.
First thing that would come to mind is create a special queue for theses types of agents (freelancers queue). But I might be wrong and have not totally understood what your looking for.
Your main agent would move the ticket in there. These agents (freelancers) would not be see anything else that what is in this queue. But you could give them access to "drop" the ticket back (no read access at all) once they complete their part.
This would mean:
A. Main agents "filter" what ticket can be worked by your freelancers and move the designated ticket in their queue.
B. The freelancers would work on those tickets. They would not be able to see the other queues tickets, but your main agents would be able to see in their queue.
C. All freelancers will see the tickets in their queue. So Freelancer A will see Freelancer B tickets.
For the LDAP, try to set the LDAP to give them a role linked to a AD group. Would be easier to manage. You would set queue groups setting in that role settings.
----------------------------------------------
OTRS Community 6.0.11
Debian 9.0
MariaDB
OTRS Community 6.0.11
Debian 9.0
MariaDB
-
- Znuny newbie
- Posts: 5
- Joined: 18 Oct 2018, 15:13
- Znuny Version: 6.0.x
- Company: Docucom AG
Re: Q: Restrict agent access to assigned tickets only
Thank you very much for your feedback.
I like the idea about the "freelance queue" in combination of an AD group "Freelancers" tied to that queue. Regarding the "not seeing" other freelancer tickets, I will try to create an ACL rule "owner = current user" which restricts access to functions like "view ticket details" "search" and so on. Then a freelancer could still see all ticket subjects in the queue/overview but not the details.
Regarding the LDAP groups I see no way to create per agent queues automatically.
I think we are getting close but a bit cumbersome ... Is there really no "easy way" to achieve this?
I like the idea about the "freelance queue" in combination of an AD group "Freelancers" tied to that queue. Regarding the "not seeing" other freelancer tickets, I will try to create an ACL rule "owner = current user" which restricts access to functions like "view ticket details" "search" and so on. Then a freelancer could still see all ticket subjects in the queue/overview but not the details.
Regarding the LDAP groups I see no way to create per agent queues automatically.
I think we are getting close but a bit cumbersome ... Is there really no "easy way" to achieve this?
-
- Znuny newbie
- Posts: 5
- Joined: 18 Oct 2018, 15:13
- Znuny Version: 6.0.x
- Company: Docucom AG
Re: Q: Restrict agent access to assigned tickets only
In case you have a similar requirement, here is how we limited access for external agents.
1. As suggested, we created a queue and group for external agents.
2. We defined an ACL for every external agent where certain ticket actions (zoom etc.) are only possible, when logged in user equals ticket owner.
3. We restricted the following frontend modules to internal groups only:
CIC > Frontend::Module###AgentCustomerInformationCenter
Search > Frontend::Module###AgentTicketSearch
Ticket queues > Frontend::Module###AgentTicketQueue
Ticket by service > Frontend::Module###AgentTicketService
Ticket by escalation > Frontend::Module###AgentTicketEscalationView
Ticket by status > Frontend::Module###AgentTicketStatusView
New phone ticket > Frontend::Module###AgentTicketPhone
New email ticket > Frontend::Module###AgentTicketEmail
Calendar > Frontend::Module###AgentAppointmentCalendarOverview
In this scenario our external agents can process specific tickets meanwhile our confidential customer data is protected.
1. As suggested, we created a queue and group for external agents.
2. We defined an ACL for every external agent where certain ticket actions (zoom etc.) are only possible, when logged in user equals ticket owner.
3. We restricted the following frontend modules to internal groups only:
CIC > Frontend::Module###AgentCustomerInformationCenter
Search > Frontend::Module###AgentTicketSearch
Ticket queues > Frontend::Module###AgentTicketQueue
Ticket by service > Frontend::Module###AgentTicketService
Ticket by escalation > Frontend::Module###AgentTicketEscalationView
Ticket by status > Frontend::Module###AgentTicketStatusView
New phone ticket > Frontend::Module###AgentTicketPhone
New email ticket > Frontend::Module###AgentTicketEmail
Calendar > Frontend::Module###AgentAppointmentCalendarOverview
In this scenario our external agents can process specific tickets meanwhile our confidential customer data is protected.