Ticket Owners can get into each others queues and edit
I recently upgraded to 6.3 from 5.5 on the K1000. I never noticed in 5.5, but in 6.3 I can see that all the different sets of Ticket Owner can get into all the queues and edit tickets even though they are not ticket owners for that queue or Admins for the K1000.
I have 3 queues setup:
- Department1
- Department2
- Department3
For each department I created a label for the ticket owners:
- TicketOwnersDept1
- TicketOwnersDept2
- TicketOwnersDept3
I have set each queue up so that:
- TicketOwnersDept X is the Owner Label for queue Department X
- Allow All users as Submitters is enabled
- Allow All Users as Approvers is disabled
- Allow Users with Administrator Role to read and edit tickets in the Users console is Enabled
Each of the Ticket Owners Groups have access to go to http://mykbox.mydomain.com/adminui for editing their tickets and seeing computer inventory but none of them are set as ticket owners in the different queues or access to some of the security pages. Is there something I am missing because I cannot have each department editing each other's queues.
2 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
chucksteel
8 years ago
If users are accessing the service desk through the admin interface then I don't believe there is a way around this.
Comments:
-
Yikes. That is not good. For example the IT team needs to be able to see computer inventory and push out scripts so they have to use the ADMINUI. I want to establish an HR queue, but I really do not want them to be able to see those issue that might come in.
It also seems very cumbersome to disable the Helpdesk links in the Adminui and force the techs to use both the Adminui and Userui. - JordanNolan 8 years ago
Pg 547 of the Administrator Guide - jfields 8 years ago
However I have created a couple of other roles – HelpdeskStaff and HRStaff where I have given each access to a few tabs in the ADMINUI. One of them is the Helpdesk tickets tab. Does just having access to this tab via the AdminUI give them the ability to see tickets in all queues?
I really need my Helpdesk staff to be able to use the AdminUI so they can see inventory, distributions and assets. I do not want them to be able to see or edit tickets in the HR queue.
I thought that the TicketOwners settings is what controlled this. I have a label for ticket owners for each group and assigned it to each queue owners property thinking that would restrict access to just those people for that queue. - JordanNolan 8 years ago
When you created the roles "HelpdeskStaff" and "HRStaff" did you create the roles from scratch or did you duplicate another built in role? - jfields 8 years ago