We want to use KACE to enter tickets centered around Peoplesoft.  However, we are worried about people having visibility into personal\sensitive data contained within the ticket.  Does anyone know if it is possible to create security around the ticket Category (or some other way) that would help us address this?

Answer Summary:
Cancel
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

1

The short answer is, if anyone is a admin or ticket owner then can see any data on any ticket owned by anyone. There isn't that level of control yet in the kbox. 

Answered 04/30/2013 by: nshah
Red Belt

Please log in to comment
1

If you need to make a set of tickets more secure you will need to have them in their own queue at the very least. 

Answered 05/01/2013 by: chucksteel
Red Belt

Please log in to comment
1

Thank you both for your answers.  Chucksteel, I didn't think about having a seperate qeue.  I may persue that idea.  -  Thanks again.

 

Answered 05/01/2013 by: Robbieb
Orange Belt

  • Yes but remember someone with an admin or ticket owner can switch over to a queue and see tickets.
    • That's not entirely true. If they are a potential owner in the queue, then yes they can see the tickets, but just being an admin doesn't grant this. I have setup queues that I normally don't have access to, without making myself a potential owner. The trick is to make sure you uncheck the Grant read/edit permissions to users with an Admin role (admin portal only) option in the queue configuration.

      With that setup I can't get to the queue at all without changing the queue configuration, and I can only do that because I'm the KACE administrator. Since I'm not even a potential submitter in the queue it doesn't even show up on my list of queues.
  • Looks like you are 100% correct chucksteel but it also looks like you can do a all queues > active tickets and see the tickets that way. Also as i am still submitter, i was able to create a ticket and the test queue reappeared in my drop down again even with Grant read/write still unchecked. I removed myself from submitter but still can see tickets from the all queue > active tickets.

    I create a new queue
    gave it a different label as owner
    unchecked Grant read/edit permissions...

    It doesn't appear in m switch to queue but i can see all tickets and see the test ticket i created in the queue.

    is that the same for you?
    • This is a little weird. I can't see the tickets under All Queues, Active Tickets, but I can see them under All Queues, All Tickets. However, when I try to view any of the tickets I get a message saying that I don't have access to it.
  • It could be a process issues and certain things have to be done in certain steps. I will try again but I was able to view the ticket even though I wasn't an owner, and grant read/edit was taken away.

    another issue could be our box is almost pre 3.0 in version and has just been upgraded over the last 6 years. There could be some old stuff still lingering around that wasn't fully changed as we went from version to version. This is alittle far fetched but one never knows.
Please log in to comment
1

Ultimately what nshah and chucksteel are getting atis you need to be very selective and careful about how you assign your user labels, and I've found that if you want to be more granular it does take more labels. The same goes for the different roles in the K1000. For the level of confidentiality you're looking to maintain it may be a trick to accomplish in the K1, but I think with what they've listed you'll have a great start.

Answered 05/01/2013 by: GeekSoldier
Red Belt

  • Thanks to all of you. I have been able to create a new queue called "people soft" and make it only visible to members of the people soft label. Under the user preferences section I unchecked the Allow all users as submitters optionand Restriced Submitters to the People Soft Users. I also Unchecked the "Grant read/edit permissions to users with an Admin role" check box so help desk staff, etc could not see the queue. I have a bit more testing to do but so far it seems to be working. Thank you for everyone's input.
Please log in to comment
Answer this question or Comment on this question for clarity

Share