Extension of the authorization concept for subscribers without group rights and explicit granting of change rights for subscribers from a member of the group

How Zammad is used:
Zammad is used for the entire company and there is one user group per department (Support, Finance, Sales, Pre-Sales, Product Support, Partner Support, Management, HR, IT, Development, Delivery). Zammad is used for internal tickets between departments, for internal tasks related to customers and for communication to and from customers. Some employees have multiple roles and work across departments.

User Story:
There may be times when an employee is working on a case and needs to hand it off to another group/department for which they do not have read or change privileges. However, the employee should still be involved in the case (e.g., to deal with a customer that the employee is personally responsible for). However, the employee cannot be included further in the case, because he is not allowed to read other tickets of the group, because the group also processes sensitive tickets.

Problem description:

  1. if the employee sets himself to subscribe before the ticket is transferred to the other department, then this has no effect and he still cannot read the ticket because he has no rights.

  2. the other way round it is also not possible that the finance department gets the right to grant employees who do not have group reading rights to view the ticket by mentioning it.

  3. even if the employee is given read rights to the department (which is not allowed), then the employee cannot add internal or external notes.

Suggested improvement:
Extend the rights concept that for certain roles (groups) it can be configured that the group has the right to mention other participants from other groups and the mentioned then gets read rights on the ticket with the possibility to write internal comments.
Enhanced feature that the subscribed member of the group additionally gets the right to modify by the group clicking on the icon of the subscribed person and can give him write permissions.

1 Like