I recently upgraded to 6.3 from 5.5 on the K1000. I never noticed in 5.5, but in 6.3 I can see that all the different sets of Ticket Owners can get into all the queues and edit tickets even though they are not ticket owners for that queue or Admins for the K1000.

I have 3 queues set up:

  • Department1
  • Department2
  • Department3

For each department I created a label for the ticket owners:

  • TicketOwnersDept1
  • TicketOwnersDept2
  • TicketOwnersDept3

I have set each queue up so that:

  • TicketOwnersDept X is the Owner Label for queue Department X
  • Allow All users as Submitters is enabled
  • Allow All Users as Approvers is disabled
  • Allow Users with Administrator Role to read and edit tickets in the Users console is Enabled

Each of the Ticket Owners Groups has access to go to http://mykbox.mydomain.com/adminui for editing their tickets and seeing computer inventory, but none of them are set as ticket owners in the different queues or have access to some of the security pages. Is there something I am missing? I cannot have each department editing each other's queues.



  • In your ticket queue, is the option "Allow users with an Administrator role to read and edit tickets in the User Console" enabled? If this is enabled, any user with the Administrator role can read/edit tickets in the queue.

    Pg 547 of the Administrator Guide
    • Sorry just re-read your problem and I see the option is enabled. Are the users in the TicketOwnersDeptX labels admins?
  • In the list of “Users” there are several users with the built-in Admin role. Those I expect to be able to access any queue.

    However I have created a couple of other roles – HelpdeskStaff and HRStaff where I have given each access to a few tabs in the ADMINUI. One of them is the Helpdesk tickets tab. Does just having access to this tab via the AdminUI give them the ability to see tickets in all queues?

    I really need my Helpdesk staff to be able to use the AdminUI so they can see inventory, distributions and assets. I do not want them to be able to see or edit tickets in the HR queue.

    I thought that the TicketOwners settings is what controlled this. I have a label for ticket owners for each group and assigned it to each queue owners property thinking that would restrict access to just those people for that queue.
    • Manually add the users that should have access to all queues to the respective user labels and un-check the option "Allow users with Administrator role to read and edit tickets in the User Console" on each queue.

      When you created the roles "HelpdeskStaff" and "HRStaff", did you create the roles from scratch or did you duplicate another built-in role?


If users are accessing the service desk through the admin interface, then I don't believe there is a way around this.
Answered 05/12/2015 by: chucksteel

  • Yikes. That is not good. For example, the IT team needs to be able to see computer inventory and push out scripts, so they have to use the ADMINUI. I want to establish an HR queue, but I really do not want them to be able to see those issues that might come in.

    It also seems very cumbersome to disable the Helpdesk links in the Adminui and force the techs to use both the Adminui and Userui.