ITSM Helpdesk Permissions
This page describes the permission model underlying the ITSM Helpdesk. There are two types of permissions: "Vertical" permissions per user profile and "horizontal" permissions based on ticket membership.
Vertical (per group) Permissions
These permissions are set per user profile (profiles are a special type of groups) using privileges. You can modify these privileges in the Admin -> Profiles:
Is the current user allowed to create new tickets?
Is the current user allowed to create tickets in the name of customers? (Customers can be external customers or the users in a business department in the case of an internal IT using ]po[).
Allows the current user to access all tickets in the system.
Allows the current user to modify all tickets in the system.
This privilege allows users to change the status of a ticket, even though it is under the control of a workflow.
Horizontal (per ticket) Permissions
These permissions are set depending on the relationship of the current user to a specific ticket. There are several ways how a user can relate to a ticket:
- Owner of a ticket:
A ticket owner is the user who created the ticket. This user is automatically added to the list of ticket members.
- Ticket Customer Contact:
This is the user who requested the service underlying the ticket. The customer contact is automatically added to the list of ticket members.
The customer contact normally has no write permission to the ticket (can't modify the state of other information), except for changing the ticket status to "closed" and "approved".
- Assignee of a ticket:
Assignees are responsible for performing the work requested as part of the ticket. Assignees are automatically added to the list of ticket members.
- Member of a ticket:
Ticket members are allowed to access (read) a ticket page, which includes the ticket base data, the ticket discussions and all other portlets on the ticket page. These permissions can be limited by setting specific permission on each portlet. Ticket members are also allowed to participate in ticket discussions.
Ticket membership also works on a group level, if an entire group has been added as a "member" of the ticket and the current user is a member of this group.
- Member of a ticket queue:
If the ticket is assigned to a queue, all members of the queue gain read access to the ticket.
- Administrator of a ticket:
Ticket administrators are allowed to modify the ticket base data, to moderate ticket discussions and to add or remove users from the list of ticket members.
- Workflow Assignee:
Workflow assignees have been added to perform a workflow task related to the ticket. WF assignees automatically gain read access to the ticket.
- Member of the Ticket's Customer Company:
Each ticket belongs to a SLA (service level contract) which in turn belongs to a customer company paying for the SLA services. Being a member of this customer company automatically grants read access to the tickets of this customer.