Read only access to specific service desk queues
We have separate queues for HR use only (new hires, terms, job changes).
I want to make it so that HR users can see all tickets in one of those queues, regardless of who submitted them.
The only way I found to do this was to give them a read-only role for the admin console, and then make them a ticket owner for those queues. The problem is:
If they login to the admin console, they can see all tickets, they can't change make changes to them (even on their own), and they can't create new tickets.
If they login to the user portal, they can see all tickets, but they can also change them all because they are in fact owners. We don't want them to have this much power.
Ideally we'd like them to be able to see all tickets in the specific queues they need access to, but only be able to edit their own. They also should be able to create new tickets. And it all has to be accomplished by logging into only ONE console (user or admin).
Any suggestions? I can't think of any other way to finangle this.
There's not a way to get it to work specifically as I describe above, but an alternate solution is to have a single HR user account that everyone on that team uses to login to submit these requests. We wouldn't know who specifically submitted the request, but we could just add another custom field for that.