I’m new to the Zammad world and have a requirement that I haven’t been able to resolve yet. I hope it’s due to my lack of knowledge.
We have a customer who wants to support with us, but also creates their own tickets (customer key user). They do some 1st level support, if they can and we do the rest, including higher levels. Since we also want to support other customers in Zammad, we’ve come up with the following scenario, but so far it hasn’t worked, or rather, I can’t get it to work.
We have the following scenario:
Normal user Customer 1
Creates their own tickets, which only they can see, not other normal users Customer 1
Agent Customer 1
Creates their own tickets, which other agent Customer 1 can also see/ edit, but they can also see/ edit all tickets belonging to normal users Customer 1.
Should only see tickets from their organization or their normal user Customer 1.
They are not allowed to see other customers (2, 3, 4,…) or tickets.
Agent (Our Company)
We want to be able to see and edit tickets from Agent Customer 1 and normal user Customer 1.
Of course, also from all other customers (2, 3, 4,…)
How can I solve this? It only works via organization, if I set it to shared organization for normal Customer 1. But then all users of Customer 1 can see their tickets?
It doesn’t work via groups, because then everyone can see the groups.
I’m completely at a loss.
Seems to me like you’re mixing topics here. Shared Orgs only create visibility for other customers inside the org. Groups define which agent can work on what tasks. You’ll need to set the permissions for the role you apply to this user and include permission to work on the group you defined for this.
If I divide my users into groups, the customer key user can still see all my other customers, at least when selecting a new ticket. So that’s definitely not possible.
Furthermore, he can’t see the tickets of the customer users, only his customer key users, even though he has the right to see both.
Does anyone have a short, dummy guide for me on how to set up permissions? I would be very grateful.
I have answered this kind of question at least once on here, but honestly am much too lazy to look it up for you. An agent in Zammad has always access to all customers and thus you’d leak data from your other customers to that one special customer agent.
Shared organizations is your best bet, with all the downsides on the other side.
Oh, first of all, thanks for the answer.
That’s very bad. That could be a no-go argument. Is it clear why zammad do it that way? If you deny someone access to others, you don’t want them to still “see” them, do you?
Has anyone perhaps written a modification for Zammad in this regard, or is it too much at the core of the system and therefore too complex?
If others have already asked this, it could in principle also be an interesting point for Zammad.
Hi, I don’t think so. In my opinion, it’s an absolutely important and substantial feature to be able to divide customers and agents into certain groups, and only then can they see their areas. I think it could even pose a problem with GDPR. But I’m not an expert on that.
I’ve used it so far with OTRS and most recently with osTicket. It worked without any problems there.
The question would be whether Zammad and the developers plan to implement it in the future or not? Because I think the system is fundamentally very good and has potential.
Agent wise this is possible without problems. You just can‘t restrict agents to see only a subset of users when using the search function. This kind of thing usually is needed only with multi tendancy which Zammad doesn‘t support on user level entirely.
Fill in a festure request if there isn‘t one yet. That‘s the only way, apart from sponsoring (that you don‘t wanna do, which is fine), to get into the right direction.
Hi, I spoke with our developers and they’ve now integrated a simple solution for me. If the agent isn’t part of our admin company (i.e., a customer agent), they’ll only see what’s assigned to them. It’s simple, but it’s working as a workaround for us for now.
Nevertheless, thank you very much for trying to help me.