Important: If you are a Zammad Support or hosted customer and experience a technical issue, please refer to: support@zammad.com using your zammad-hostname / or company contract.
Used Zammad version: 2.6
Used Zammad installation source: (source, package, …) RPM
Operating system: RHEL 7.5
Browser + version: Firefox 63
Expected behavior:
When users are synced via LDAP where there is a role mapping configured to assign them to the correct department, I would expect that those users are automatically assigned permissions as set in the role itself.
Actual behavior:
I’ve just added a new department to our Zammad and have added 16 agents via LDAP sync. Each of the added users appear in the correct role as per the mapping but have no permissions assigned. I am having to manually touch each user record to add them in before they can access the correct ticket stream. I would have though that the point of asking for role based permissions at the role level was so that users subsequently placed in that role would inherit those permissions. Otherwise what’s the point of it being there?
Am I missing a setting somewhere or does this just not work correctly?
My shot in the blue is that the user rights on the role is not correct. Because if the role assignment based on your role, then the LDAP synch is just running fine.
I would expect that if an LDAP user is in the security group for say IT Agents and Zammad matches it as so then the rights assigned to that role would propagate to the user that is added.
If Zammad applies the role correctly and it has correct rights, there shouldn’t be any trouble.
This might be temporary caching problem or invalid role configuration.
Highlighted option needs to be set in order the group rights are effective within a role.
When using role based group permissions (like let’s say read for group “2nd level”) you also need to tick “agent - Access to Agent tickets based on Group Access” on that role in order to make the group rights work. Otherwise it is ticket, but not working (by design)