Used Zammad installation source: (source, package, …) Ubuntu Package
Operating system: Ubuntu 18.04
Browser + version: any
I have successfully imported my users from Active Directory and found the appropriate setting to assign the Agent’s Role only to AD-users from a sepcific AD-group.
However, I need help to assign my agents to specific groups in zammad. So this is what I need:
Users in AD-group “Departement 1” should be synced to “Departement 1” group in zammad;
Users in AD-group “Departement 2” should be synced to “Departement 2” group in zammad;
And while Agents from Departement 1 & 2 have only access to their own groups in zammad, Users in AD-group “admin” should have read/write access in all zammad groups.
So this is what I did: I successfully setup LDAP to pull my agents from Active Directory. However, they are granted read/write access to the default group “users” and I have to manually grant access to their desired group. Since all users are already in a matching group in Active Diretory, I wanted to automate that process.
Another point I didn’t understand yet: where can I assign a ticket to a specific group? is it possible to transfer tickets between groups? Same question for overviews: can I create overviews that are only available to a specific group or user?
You need to create roles. Inside those roles you define access rights to groups.
In the ldap config you map directory groups to roles exactly one time - with every ldap sync the users gets automatically assigned to the configured roles based on their directory group.
You don’t add users to groups in zammad. You just give them a role which has rights to certain groups.
I’m sorry, i don’t mean to be harsh but all that is wirtten in those docs - that’s why i linked them.
I now assigned the AD-group to my role and re-synced with the AD. The users in zammad appear successfully in the designated role. However it did not copy the access permission to the group that was set for that role:
for users with write-permissions in more than one group, the group has to be selected for each created ticket (if not done thru the incoming channel) Is it possible to pre-select a default group?
Umm… yes it is, as long as your agent is allowed to do so.
I wasn’t aware that an explicit note of that is needed, a Pull Request for the place you think fits best is highly welcome!
Yes and no.
The only option (apart from Triggering that stuff which makes not so much sense) is to use Ticket Templates ( Ticket Templates — Zammad User Documentation documentation ). Those templates are only available within ticket creation and can hold more than just a pre selected group.
I’m not sure what would be the best place, I just can tell where I looked for it: in the Ticket-instructions and in the Group-description
Template’s are a nice feature, however in this case it safes the agent only one click. Manually selecting a group and owner means 4 clicks, selecting a template with pre-set group and user is 3 clicks. In my scenario I have agents with admin privileges on other groups besides their own, however in normal workflow they create tickets only within their own group. So a lot of unnecessary clicks for them. Currently I solved that issue by giving them an additional accout for their admin-tasks, but to me thats not an elegant way.
This documentation part surely isn’t perfect at the moment, as this overlaps with “Users”. I’m planning to optimize that part in the future. I could think of adding a note regarding the role system to “Groups” as well, do you think this would have helped?
I’m afraid, there’s no way of doing that natively in the UI at the moment - sorry about that.