Ticket "View Sharing" By Department Seen By All Regardless of Permission

Problem reported by Ben Santiardo - 8/4/2015 at 11:33 AM

Resolved

I noticed that when you activate the new "Allow all agents to see the contents of this department" feature, while it does technical work, it does not take into account the security rights of the Agent searching.

For example:

System is designed with two Brands.

Agent1 assigned to BrandA, DeptA1, Group1

Agent2 assigned to BrandB, DeptB1, Group1

Agent3 assigned to BrandB, DeptB1, Group1 & Group2

All departments have been designated to share contents with other agents.

When Agent2 searches tickets, they see BrandA tickets and also BrandB's Group2, even though Agent2 is not apart of those groups. From my perspective, this should not happen. Each agent should be restricted to seeing tickets ONLY within the groups they are assigned to. Agents should not be able to access tickets from a group they do not belong to.

Prime reasoning for this is something that just happened at my company. A new Department started using ST, they were creating a bunch of "test tickets" to play with the system and learn it. Now they are ready to go live and a manager searched for "Closed" tickets. She assumed all the tickets were for her brand/department only and click on the "Select All" box and then deleted all the tickets. Well...she deleted all the closed tickets in every single department that was flagged to share tickets. Regardless of the fact that this manager did not have the permission to delete those tickets since she was not apart of those departments. I had to manually go and undelete all the deleted tickets one by one and it took a while. I was not thrilled.

____________________________________

Ben Santiardo, Senior Programmer Analyst

Eastern Suffolk BOCES

10 Replies

Reply to Thread

Employee Replied

8/4/2015 at 12:21 PM

Employee Post

Hello Ben,
I'm sorry to hear that happened to you, this is by design though, the feature "Allow all agents to see the contents of this department" will allow all agents to 'see' the department, but they cannot modify any of the tickets not in their department (or should not be able to) UNLESS they are a administrator or manager. This allows managers and administrators to delete tickets, assign them, transfer them as needed etc. which is what some other companies needed with this feature.

Ben Santiardo Replied

8/5/2015 at 11:59 AM

I think this behavior violates the stability of the security of the system. Sharing tickets should still be within the limit of those that are assigned within that group. This "sharing" feature I would expect it to still be limited to groups, so an agent in a group can see the tickets of the group(s) they belong to regardless of agent that owns the ticket. I don't think they should be able to see tickets in groups they don't even have access to.

If a manager needs to transfer ticket between groups, then those employees should have access to all groups they need which would give them the ability to see and transfer tickets as needed. The "sharing" I understood was more for Agents to see tickets by other Agents within their designated groups.

____________________________________ Ben Santiardo, Senior Programmer Analyst Eastern Suffolk BOCES

User Replied

8/5/2015 at 12:40 PM

I see your views on this and will add this to be discussed further by the development team.
Thank you for your feedback,
-Ashley

Ben Santiardo Replied

8/5/2015 at 4:19 PM

Thank you. :-)

____________________________________ Ben Santiardo, Senior Programmer Analyst Eastern Suffolk BOCES

Andrea Free Replied

8/7/2015 at 12:17 PM

Employee Post

Hey Ben,

If I'm not mistaken by what you're looking for, you can currently allow agents to see tickets for the groups they are part of. This new setting just expands on that by allowing ALL agents to see the contents without needing to be assigned to the group.

For those agents that should see all tickets for the groups they're part of, you just need to add them to the group with a ticket distribution of "Pull from Queue." Then add the Manager role to their account. This will allow them to see a Global Tickets folder in the navigation pane that can be used to see tickets that aren't assigned to them in the groups they're part of.

Andrea Free SmarterTools Inc. 877-357-6278 www.smartertools.com

Ben Santiardo Replied

8/7/2015 at 4:26 PM

The thing is I we don't want to give them "Manager" roles. Our departments want "Agents" to be able to see all tickets only within the groups they were assigned. Even Manager should only see the groups they were assigned to. We don't want people to see tickets in groups they have no specified rights to.

____________________________________ Ben Santiardo, Senior Programmer Analyst Eastern Suffolk BOCES

Ben Santiardo Replied

8/10/2015 at 5:57 AM

I see that this thread was changed to "Not A Problem". Does that mean your team determined that they will not make any changes to this feature to address this issue?

____________________________________ Ben Santiardo, Senior Programmer Analyst Eastern Suffolk BOCES

User Replied

8/10/2015 at 8:04 AM

It is still listed to be discussed further.

Ben Santiardo Replied

8/10/2015 at 8:35 AM

Oh okay, thanks. :-)

____________________________________ Ben Santiardo, Senior Programmer Analyst Eastern Suffolk BOCES

Andrew Barker Replied

3/7/2019 at 8:27 AM

Employee Post

In a recent version of SmarterTrack, we split this setting into two settings: one which allows agents to search items in that department, and one which gives visibility of that department to all managers.

Andrew Barker Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com

Back to Community Threads

Please leave this box unchecked

10 Replies

Reply to Thread

Tags

Related Knowledge Base Articles