How can we improve the SMA (K1000)?

Allow separate controls for different helpdesk queues

Allow different queues to have different users allowed to manipulate tickets. For instance, if you have a helpdesk queue, a production change control queue, and a purchasing queue, the helpdesk staff also has admin access to change control and purchasing tickets.

98 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Donald shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Nick Buonpastore responded  · 

    This is under consideration but not planned for the next release. Please continue voting if you’d like to see this feature prioritized for a future release

    8 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Jason commented  ·   ·  Flag as inappropriate

        David, have you found ANY way to allow a queue admin, config rights to his/her queue and NOT give them config rights to other queues? Support has stated that this is not possible at this time, which seems pretty absurd.

      • Anthony Mazzara commented  ·   ·  Flag as inappropriate

        We would like the ability to give admin access (ie, add categories, change ticket layout, etc.) on a queue by queue basis, eg: give a helpdesk supervisor ability to administer their helpdesk queue, whilst not give them access to other queue's.

      • Brian commented  ·   ·  Flag as inappropriate

        I created a new request that documents the need for better security around Service Desk Queues. Request is titled: Service Desk Security

      • Brian commented  ·   ·  Flag as inappropriate

        Basically, we've setup 4 queues; HR, Operations, Legal, and IT. All users need access to IT (at least to create tickets).
        Only HR people can have access to HR (same for Legal and Operations). And Executive people need to have access (at least read) to everything.

      • Donald commented  ·   ·  Flag as inappropriate

        Hi David,

        Thanks! This does fix a portion of my security issue.

        This went along with my other suggestion, Separate Helpdesk Users and Roles from System Management, where the issue is that granting someone the ability to assign users to roles (such as letting a help desk admin assign help desk staff) also allows them to grant anyone full admin access.

        The overarching issue is that my helpdesk staff wants to be able to manage staff and users in the various queues, but if I let them do that, I basically allow them to grant themselves or anyone else full priviledges via the admin roles, and basically elevate themselves into domain admin functionality through the KACE. I need the ability to let the helpdesk staff assign privileges to the helpdesk queue, and change control staff to assign privileges to the change control queue, but to also keep them out of the business of granting privileges to the rest of the KACE (and therefore the entire environment).

      • David commented  ·   ·  Flag as inappropriate

        If I am reading this correctly, you want to be able to segregate the queue owners from being able to access other queues? If that is the case, you can do that already. All you need to do is make a separate label for each queue and add it to the “Ticket owners by label”. That will only allow that label group access to that queue’s ownership. You also do not need to have the queue owners log directly into the adminui console in order to work the tickets. They can work the tickets vie the userui portal, which helps restrict them down even more on what they can do in the KBOX. This is how I currently have mine setup. I have multiple queue’s but only the owners of that queue has access to it and none of them ever logs into the actual adminui to work the tickets.

      Feedback and Knowledge Base