From OTRS 2.0 on, Access Control Lists (ACLs) can be used to control access to tickets, modules, queues etc. or to influence actions on tickets (closing, moving etc.) in certain situations. ACLs can be used supplementary to the existing permission system of roles and groups Using ACLs rudimental workflows within the system can be mapped based on ticket attributes.
So far, ACLs cannot be created using the
SysConfig interface
but must be directly entered into the Kernel/Config.pm
file. Find some examples below:
Example 18.1. ACL which only allows to move tickets with ticket priority 5 into a queue
# ticket acl
$Self->{TicketAcl}->{'ACL-Name-2'} = {
# match properties
Properties => {
# current ticket match properties
Ticket => {
Queue => ['Raw'],
Priority => ['5 very high'],
}
},
# return possible options (white list)
Possible => {
# possible ticket options (white list)
Ticket => {
Queue => ['Alert'],
},
},
};
Example 18.2. ACL, which disables the closing of tickets in the raw queue and hides the close button
$Self->{TicketAcl}->{'ACL-Name-1'} = {
# match properties
Properties => {
# current ticket match properties
Ticket => {
Queue => ['Raw'],
}
},
# return possible options (white list)
Possible => {
# possible ticket options (white list)
Ticket => {
State => ['new', 'open', 'pending reminder'],
},
# possible action options
Action => {
AgentTicketLock => 1,
AgentTicketZoom => 1,
AgentTicketClose => 0,
AgentTicketPending => 1,
AgentTicketNote => 1,
AgentTicketHistory => 1,
AgentTicketPriority => 1,
AgentTicketFreeText => 1,
AgentTicketHistory => 1,
AgentTicketCompose => 1,
AgentTicketBounce => 1,
AgentTicketTicketPrint => 1,
AgentTicketForward => 1,
AgentTicketTicketLink => 1,
AgentTicketPrint => 1,
AgentTicketPhone => 1,
AgentTicketCustomer => 1,
AgentTicketOwner => 1,
},
},
};
Example 18.3. ACL, which removes the status for all agents, and only provides it for a group
$Self->{TicketAcl}->{'ACL-Name-5'} = {
# match properties
Properties => {
# current ticket match properties (match always)
},
# return possible options
PossibleNot => {
# possible ticket options
Ticket => {
State => ['closed successful'],
},
},
};
Please find below a list of all parameters which can be used for ACLs:
# ticket acl
$Self->{TicketAcl}->{'ACL-Name-Test'} = {
# match properties
Properties => {
# current action match properties
Frontend => {
Action => ['AgentTicketPhone', 'AgentTicketEmail'],
},
# current user match properties
User => {
Group_rw => [
'hotline',
],
},
# current user match properties
Ticket => {
Queue => ['Raw'],
State => ['new', 'open'],
Priority => ['some priority'],
Lock => ['lock'],
CustomerID => ['some id'],
CustomerUserID => ['some id'],
TicketFreeKey1 => ['some key'],
TicketFreeKey2 => ['some key'],
# ...
TicketFreeKey8 => ['some key'],
TicketFreeText1 => ['some value'],
TicketFreeText2 => ['some value'],
# ...
TicketFreeText8 => ['some value'],
}
},
# return possible options (white list)
Possible => {
# possible ticket options (white list)
Ticket => {
Queue => ['Hotline', 'Koordination'],
State => => ['some state'],
Priority => ['5 very high'],
TicketFreeKey1 => ['some key'],
TicketFreeKey2 => ['some key'],
# ...
TicketFreeKey8 => ['some key'],
TicketFreeText1 => ['some value'],
TicketFreeText2 => ['some value'],
# ...
TicketFreeText8 => ['some value'],
},
# possible action options (white list)
Action => {
AgentTicketLock => 1,
AgentTicketZoom => 1,
AgentTicketClose => 1,
AgentTicketPending => 0,
AgentTicketNote => 1,
AgentTicketHistory => 0,
AgentTicketPriority => 1,
AgentTicketFreeText => 0,
AgentTicketHistory => 1,
AgentTicketCompose => 1,
AgentTicketBounce => 1,
AgentTicketTicketPrint => 0,
AgentTicketForward => 1,
AgentTicketTicketLink => 1,
AgentTicketPrint => 1,
AgentTicketPhone => 1,
AgentTicketCustomer => 1,
AgentTicketOwner => 0,
},
},
# remove options (black list)
PossibleNot => {
# possible ticket options (black list)
Ticket => {
Queue => ['Hotline', 'Koordination'],
State => ['closed', 'removed'],
},
},
};