CorePermission

AdminInterfaceAccessGroup

Defines agent groups where the agent needs rw permissions to access the administrator interface.

This setting can not be deactivated.

Default value:

---
- admin

AgentFrontend::CustomerCompanyAddressBookList::PermissionGroup

Defines user groups that are allowed to access the customer company address book. Leave this empty if you do not want to restrict access.

This setting can not be deactivated.

Default value:

--- []

AgentFrontend::CustomerUserAddressBookList::PermissionGroup

Defines user groups that are allowed to access the customer user address book. Leave this empty if you do not want to restrict access.

This setting can not be deactivated.

Default value:

--- []

EditAnotherUsersPreferencesGroup

Specifies the group where the user needs rw permissions so that they can edit other users preferences.

This setting can not be deactivated.

Default value:

admin

SwitchToCustomer

Allows administrator users to login as a specific customer user via the agent interface. If OIDC login is configured, this feature is disabled.

This setting can not be deactivated.

Default value:

0

SwitchToCustomer::PermissionGroup

Specifies the group where the user needs “rw” permissions so that he can access the “switch to customer” feature.

This setting can not be deactivated.

Default value:

admin

SwitchToUser

Allows administrator users to login as an other user via the agent interface. If OIDC login is configured, this feature is disabled.

This setting can not be deactivated.

Default value:

0

System::Customer::Permission

Defines the available permissions to customers within the application. If more permissions are needed, they can be entered here. Permissions must be hard coded to be effective. The following permissions are provided built-in: “ro”, “create”, and “rw”. The “rw” must be the last entry in the permission list.

This setting can not be deactivated.

Default value:

---
- ro
- rw

System::Permission

Defines the available permissions to agents within the application. If more permissions are needed, they can be entered here. Permissions must be defined to be effective. The following permissions are provided built-in: “ro”, “move_into”, “create”, “note”, “owner”, “priority”, “chat_observer”, “chat_participant”, “chat_owner”, “bounce”, “close”, “compose”, “customer”, “forward”, “pending”, “phone”, “responsible”, and “rw”. The “rw” must be the last entry in the permission list. Packages can also add permissions to the system. Please read the package documentation for more information.

This setting can not be deactivated.

Default value:

---
- ro
- move_into
- create
- note
- owner
- priority
- chat_observer
- chat_participant
- chat_owner
- rw

CustomerTicket::Permission###1-GroupCheck

Module to check the group permissions for customer access to tickets.

Default value:

---
Granted: '0'
Module: Kernel::System::Ticket::CustomerPermission::GroupCheck
Required: '1'

CustomerTicket::Permission###2-CustomerUserIDCheck

Module to grant access if the CustomerUserID of the ticket matches the CustomerUserID of the customer.

Default value:

---
Granted: '1'
Module: Kernel::System::Ticket::CustomerPermission::CustomerUserIDCheck
Required: '0'

CustomerTicket::Permission###3-CustomerIDCheck

Module to grant access if the CustomerID of the ticket matches the CustomerID of the customer.

Default value:

---
Granted: '1'
Module: Kernel::System::Ticket::CustomerPermission::CustomerIDCheck
Required: '0'

CustomerTicket::Permission###4-CustomerGroupCheck

Module to grant access if the CustomerID of the customer has necessary group permissions.

Default value:

---
Granted: '1'
Module: Kernel::System::Ticket::CustomerPermission::CustomerGroupCheck
Required: '0'

Ticket::Permission###0-AAACustomerGroupUserRestrict

Module intended to limit access for agents who possess a group defined in the ‘DedicatedAgentToCustomerGroups’ setting but not shared with the customer of ticket.

Default value:

---
Granted: '0'
Module: Kernel::System::Ticket::Permission::CustomerGroupUserRestrict
Required: '1'

Ticket::Permission###1-OwnerCheck

Module to grant access to the owner of a ticket.

Default value:

---
Granted: '1'
Module: Kernel::System::Ticket::Permission::OwnerCheck
Required: '0'

Ticket::Permission###2-ResponsibleCheck

Module to grant access to the agent responsible of a ticket.

Default value:

---
Granted: '1'
Module: Kernel::System::Ticket::Permission::ResponsibleCheck
Required: '0'

Ticket::Permission###3-GroupCheck

Module to check the group permissions for the access to tickets.

Default value:

---
Granted: '1'
Module: Kernel::System::Ticket::Permission::GroupCheck
Required: '0'

Ticket::Permission###4-WatcherCheck

Module to grant access to the watcher agents of a ticket.

Default value:

---
Granted: '1'
Module: Kernel::System::Ticket::Permission::WatcherCheck
Required: '0'

Ticket::Permission###5-CreatorCheck

Module to grant access to the creator of a ticket.

This setting is not active by default.

Default value:

---
Granted: '1'
Module: Kernel::System::Ticket::Permission::CreatorCheck
Required: '0'

Ticket::Permission###6-InvolvedCheck

Module to grant access to any agent that has been involved in a ticket in the past (based on ticket history entries).

This setting is not active by default.

Default value:

---
Granted: '1'
Module: Kernel::System::Ticket::Permission::InvolvedCheck
Required: '0'

Ticket::Permission::CreatorCheck::Queues

Optional queue limitation for the CreatorCheck permission module. If set, permission is only granted for tickets in the specified queues.

This setting is not active by default.

Default value:

---
Misc: note
Postmaster: ro, move, note
Raw: rw

Ticket::Permission::InvolvedCheck::Queues

Optional queue limitation for the InvolvedCheck permission module. If set, permission is only granted for tickets in the specified queues.

This setting is not active by default.

Default value:

---
Misc: note
Postmaster: ro, move, note
Raw: rw

Ticket::Permission::OwnerCheck::Queues

Optional queue limitation for the OwnerCheck permission module. If set, permission is only granted for tickets in the specified queues.

This setting is not active by default.

Default value:

---
Misc: note
Postmaster: ro, move, note
Raw: rw

Ticket::Permission::ResponsibleCheck::Queues

Optional queue limitation for the ResponsibleCheck permission module. If set, permission is only granted for tickets in the specified queues.

This setting is not active by default.

Default value:

---
Misc: note
Postmaster: ro, move, note
Raw: rw
Scroll to Top