Allow separate controls for different helpdesk queues
Allow different queues to have different users allowed to manipulate tickets. For instance, if you have a helpdesk queue, a production change control queue, and a purchasing queue, the helpdesk staff also has admin access to change control and purchasing tickets.
This is under consideration but not planned for the next release. Please continue voting if you’d like to see this feature prioritized for a future release
Gerrit Zwart commented
Yes please! We would also like to organize with more then only the view that we can change.
Matthias Smit commented
Any ETA yet?
David, have you found ANY way to allow a queue admin, config rights to his/her queue and NOT give them config rights to other queues? Support has stated that this is not possible at this time, which seems pretty absurd.
Anthony Mazzara commented
We would like the ability to give admin access (ie, add categories, change ticket layout, etc.) on a queue by queue basis, eg: give a helpdesk supervisor ability to administer their helpdesk queue, whilst not give them access to other queue's.
I created a new request that documents the need for better security around Service Desk Queues. Request is titled: Service Desk Security
Basically, we've setup 4 queues; HR, Operations, Legal, and IT. All users need access to IT (at least to create tickets).
Only HR people can have access to HR (same for Legal and Operations). And Executive people need to have access (at least read) to everything.
Thanks! This does fix a portion of my security issue.
This went along with my other suggestion, Separate Helpdesk Users and Roles from System Management, where the issue is that granting someone the ability to assign users to roles (such as letting a help desk admin assign help desk staff) also allows them to grant anyone full admin access.
The overarching issue is that my helpdesk staff wants to be able to manage staff and users in the various queues, but if I let them do that, I basically allow them to grant themselves or anyone else full priviledges via the admin roles, and basically elevate themselves into domain admin functionality through the KACE. I need the ability to let the helpdesk staff assign privileges to the helpdesk queue, and change control staff to assign privileges to the change control queue, but to also keep them out of the business of granting privileges to the rest of the KACE (and therefore the entire environment).
If I am reading this correctly, you want to be able to segregate the queue owners from being able to access other queues? If that is the case, you can do that already. All you need to do is make a separate label for each queue and add it to the “Ticket owners by label”. That will only allow that label group access to that queue’s ownership. You also do not need to have the queue owners log directly into the adminui console in order to work the tickets. They can work the tickets vie the userui portal, which helps restrict them down even more on what they can do in the KBOX. This is how I currently have mine setup. I have multiple queue’s but only the owners of that queue has access to it and none of them ever logs into the actual adminui to work the tickets.