We have two partner companies who we gave user names so they can login and provide tech support from inside our system under our name. It works well but they have too much access into our system.

They can only see one mailbox, however they can also see a lot of other info:
A full list of all mailboxes, address book, and other internal info

we would like to be able to set a user or group to ONLY be able to see tickets in the mail box assigned to them and nothing else...

Is there a way to make such a secure login in v4?

Thanks,
Todd

Hey Todd,

My ideal solution here would be to build a custom Community Tool which allowed these outsource workers to log in and write responses. That would be the most secure, and the most safeguarded against future development or plugins -- without complicating the normal internal use of the helpdesk.

Using our Community Tool system, their access would be completely limited to what the tool exposed. They wouldn't have default access to everything in your helpdesk -- our API would allow us to quickly provide the necessary functionality (such as ticket worklists and replies) to the alternative interface.

Essentially it would be a slightly more elaborate Support Center, but where outsourced workers could see pending e-mail from specific Groups/Buckets (as determined by the tool configuration).

Does something like that sound workable?

if they can see their tickets and reply or comment them for us to see that is all we need....

Our only requirement is that they reply look like it is from us and we can track it like any ticket...

How would we do this? Do we need custom code? We plan to make the upgrade in January if all testing goes well...

Thanks!
-Todd

Todd,

It is guaranteed that the email will just be sent to the helpdesk as if it were any normal email, so it will appear in the ticket list as any other message would (since it will be parsed by the parser as if it were a normal email - in fact, that is how new replies are added in the support center if I understand correctly.)

@Neenach:

That's not exactly what he was asking.

This is about outsourced workers logging into a portal to send e-mail to customers. Not customers sending e-mail into the helpdesk.

@todd999:

Sounds good. Yeah, it's not a problem for the community tool to use the exact same API/code for replying as the main GUI. It will be indistinguishable, other than the fact they're safely locked out of your other functionality/info.

It would be a custom plugin, and it's something I can explore as I get some time. It's a really straightforward mini-project.

it looks like your new group permissions will enable us to do this..

Am I correct?
Can we block access to the address book and other areas for some groups?

If so THANKS!

IF not we will still do the custom work when you are ready.

-Todd

Hey, Todd,

I've been going through some of the older forum posts related to custom access and things, and if you're still looking for something that will allow these outside people to log in and do tickets without seeing the address book, you may want to take a quick look at the Web-API.

I recently finished the example Support Center and put it up, and you could likely take a number of queues from that in terms of developing an interface for your outside support personnel. Take a look at http://wiki.cerberusdemo.com/index.php/Web-API if you're interested.

The new Group permissions system gets us 90% of the way there but we still need to be able to block some users from the address book and KB.

Can you add a check mark to each user account to allow or block access to these resources.. like you have in v 3.6


Things we may block for outside (non-employee) users:
Address Book
Knowledgebase
Reports
any CRM Ops


please add this back in...

Thanks
-Todd

Can you add a check mark to each user account to allow or block access to these resources.. like you have in v 3.6

Things we may block for outside (non-employee) users:
Address Book
Knowledgebase
Reports
any CRM Ops


I don't think there's been any new effort to block read permission beyond the group-level ticket access. Just so the developers are aware that this is still a needed request I filed a new issue at:

http://www.wgmdev.com/jira/browse/CHD-825

Hopefully if there's enough interest from the community, this will eventually be scheduled for a full implementation.

Am I really the only one who was using the group permissions check boxes to limit the access of some users in v3.6?

Below are the options in v4 to date:
Administrator
Can Permanently Delete Tickets

No Control over access to Address Book or KB

Here is a list of what was in v3.6:
Helpdesk - Tickets
Can Modify Tickets
Can Delete Tickets
Can Modify Other Agent's Ticket Flags
Can Ban Senders
Can Modify Ticket Views

Helpdesk - Address Book
Can Modify Company Records
Can Modify Contact Records

Helpdesk - Knowledgebase
Can View Knowledgebase
Can Modify Knowledgebase Articles
Can Delete Knowledgebase Articles

Helpdesk - Reports
Can Run Reports
Can Install Reports

Configuration - General
Can Enter Configuration Menu

Configuration - Helpdesk
Can Modify Global Settings
Can Modify Agents
Can Delete Agents
Can Modify Teams
Can Delete Teams
Can Modify Tags
Can Delete Tags
Can Purge Deleted Tickets/Files
Can Optimize/Repair Database
Can Purge Attachments
Can Import/Export Data
Can Modify Scheduled Tasks
Can Modify Custom Field Definitions
Can Modify SLA Plans
Can Modify Schedules
Can Reindex Search Indexes
Can Configure Workstation™ (Desktop UI)

Configuration - Parser
Can Modify POP3 Accounts
Can Delete POP3 Accounts
Can Import Raw E-mail Messages
Can Manage Failed Parser Messages
Can Modify Queues
Can Delete Queues
Can Manage Queue Catchall Rules
Can Modify Mail Rules
Can Delete Mail Rules

Configuration - Support Center
Can Modify Support Center Profiles

Can't See Customer E-mail Addresses


While I personally do not need all of the above ( Just address book and KB) I find it strange that the security in v3.6 was so much better than in v4.

We have paid for v4 twice, once as an upgrade and also for the monthly hosting for a test account for the past 6+ months. We are still unable to upgrade and use the new system due to the lack of security.

Please address this I am willing to fund the work if I am indeed the only person who cares about this feature.

Best,
Todd