we are planning to use zammad. We would like to let internal organization units administrate themselves.
So one admin-light should be able to give groups and group-permissions to “his” agents.
What we do not want is this admin-light to give groups and group-permissions to groups, that do not belong to his organization unit. Is there a chance to achieve this?
thank you for answering! Intern we are using LDAP. So we plan to give all users the role customer.
Agents should be controlled by organizational unit admin. Giving roles through LDAP might not be flexible enough. Or in other words I am afraid our users do not know what they need yet.
External users will be there on top, but only customers, so no special permissions needed here.
Perhaps I have to add one more example. We are working with student assistents, so getting these in the right LDAP group just in time to get their user ready for work is often difficult.
We would prefer not to administrate their users from our IT department. So any suggestions how to seperate group administration?
While you can provide (preferebly via LDAP for simplicity) specific users to be administrators with reduced rights (so e.g. user & roles only), you cannot restrict those users to only touch specific users or groups of users.
The permissions always count for the complete menu point and can’t be restricted further.