Chapter 18. Access Control Lists (ACLs)
From open-support.info
< Book:OTRS 3.0 - Admin Manual(Difference between revisions)
m (1 revision: Update book/figure) |
|||
(One intermediate revision not shown) | |||
Line 4: | Line 4: | ||
|title=Access Control Lists (ACLs) | |title=Access Control Lists (ACLs) | ||
|status=effective | |status=effective | ||
- | |progress= | + | |progress=0 |
|author=Dick6809 | |author=Dick6809 | ||
|editor=Dick6809 | |editor=Dick6809 | ||
Line 12: | Line 12: | ||
As yet, ACLs cannot be created using the SysConfig interface. They must be directly entered into the Kernel/Config.pm file. Some ACL examples are listed below (Example 18-1, 18-2 and 18-3): | As yet, ACLs cannot be created using the SysConfig interface. They must be directly entered into the Kernel/Config.pm file. Some ACL examples are listed below (Example 18-1, 18-2 and 18-3): | ||
- | { | + | {{book/example |
- | | Example 18.1 | + | |id= Example 18.1 |
- | | | + | |title= ACL allowing movement into a queue of only those tickets with ticket priority 5. |
- | + | |code= | |
<pre> | <pre> | ||
# ticket acl | # ticket acl | ||
Line 36: | Line 36: | ||
}; | }; | ||
</pre> | </pre> | ||
- | + | }} | |
- | { | + | {{book/example |
- | | Example 18.2 | + | |id= Example 18.2 |
- | | | + | |title= ACL disabling the closing of tickets in the raw queue, and hiding the close button. |
- | + | |code= | |
<pre> | <pre> | ||
$Self->{TicketAcl}->{'ACL-Name-1'} = { | $Self->{TicketAcl}->{'ACL-Name-1'} = { | ||
Line 81: | Line 81: | ||
}; | }; | ||
</pr> | </pr> | ||
- | + | }} | |
- | { | + | {{book/example |
- | | Example 18.3 | + | |id= Example 18.3 |
- | | | + | |title= ACL removing the status for all agents, only providing it for a group. |
- | + | |code= | |
<pre> | <pre> | ||
$Self->{TicketAcl}->{'ACL-Name-5'} = { | $Self->{TicketAcl}->{'ACL-Name-5'} = { | ||
Line 102: | Line 102: | ||
}; | }; | ||
</pre> | </pre> | ||
- | + | }} | |
In Script 18.1 there is a list of all parameters which can be used for ACLs. | In Script 18.1 there is a list of all parameters which can be used for ACLs. | ||
- | {| | + | {{book/script |
- | | | + | |id= Script 18.1 |
+ | |title= Valid parameters for ACLs. | ||
+ | |code= | ||
<pre> | <pre> | ||
# ticket acl | # ticket acl | ||
Line 190: | Line 192: | ||
}; | }; | ||
</pre> | </pre> | ||
- | + | }}</onlyinclude> | |
- | + | ||
- | + |
Latest revision as of 06:56, 24 April 2011
From OTRS 2.0 on, Access Control Lists (ACLs) can be used to control access to tickets, modules, queues, etc., or to influence actions on tickets (closing, moving, etc.) in certain situations. ACLs can be used to supplement the existing permission system of roles and groups . Using ACLs, rudimental workflows within the system can be mapped, based on ticket attributes.
As yet, ACLs cannot be created using the SysConfig interface. They must be directly entered into the Kernel/Config.pm file. Some ACL examples are listed below (Example 18-1, 18-2 and 18-3):
Example 18.1. ACL allowing movement into a queue of only those tickets with ticket priority 5. |
# ticket acl $Self->{TicketAcl}->{'ACL-Name-2'} = { # match properties Properties => { # current ticket match properties Ticket => { Queue => ['Raw'], Priority => ['5 very high'], } }, # return possible options (white list) Possible => { # possible ticket options (white list) Ticket => { Queue => ['Alert'], }, }, }; |
Example 18.2. ACL disabling the closing of tickets in the raw queue, and hiding the close button. |
$Self->{TicketAcl}->{'ACL-Name-1'} = { # match properties Properties => { # current ticket match properties Ticket => { Queue => ['Raw'], } }, # return possible options (white list) Possible => { # possible ticket options (white list) Ticket => { State => ['new', 'open', 'pending reminder'], }, # possible action options Action => { AgentTicketLock => 1, AgentTicketZoom => 1, AgentTicketClose => 0, AgentTicketPending => 1, AgentTicketNote => 1, AgentTicketHistory => 1, AgentTicketPriority => 1, AgentTicketFreeText => 1, AgentTicketHistory => 1, AgentTicketCompose => 1, AgentTicketBounce => 1, AgentTicketTicketPrint => 1, AgentTicketForward => 1, AgentTicketTicketLink => 1, AgentTicketPrint => 1, AgentTicketPhone => 1, AgentTicketCustomer => 1, AgentTicketOwner => 1, }, }, }; </pr> }} {{book/example |id= Example 18.3 |title= ACL removing the status for all agents, only providing it for a group. |code= <pre> $Self->{TicketAcl}->{'ACL-Name-5'} = { # match properties Properties => { # current ticket match properties (match always) }, # return possible options PossibleNot => { # possible ticket options Ticket => { State => ['closed successful'], }, }, }; |
In Script 18.1 there is a list of all parameters which can be used for ACLs.
# ticket acl $Self->{TicketAcl}->{'ACL-Name-Test'} = { # match properties Properties => { # current action match properties Frontend => { Action => ['AgentTicketPhone', 'AgentTicketEmail'], }, # current user match properties User => { Group_rw => [ 'hotline', ], }, # current user match properties Ticket => { Queue => ['Raw'], State => ['new', 'open'], Priority => ['some priority'], Lock => ['lock'], CustomerID => ['some id'], CustomerUserID => ['some id'], TicketFreeKey1 => ['some key'], TicketFreeKey2 => ['some key'], # ... TicketFreeKey8 => ['some key'], TicketFreeText1 => ['some value'], TicketFreeText2 => ['some value'], # ... TicketFreeText8 => ['some value'], } }, # return possible options (white list) Possible => { # possible ticket options (white list) Ticket => { Queue => ['Hotline', 'Koordination'], State => => ['some state'], Priority => ['5 very high'], TicketFreeKey1 => ['some key'], TicketFreeKey2 => ['some key'], # ... TicketFreeKey8 => ['some key'], TicketFreeText1 => ['some value'], TicketFreeText2 => ['some value'], # ... TicketFreeText8 => ['some value'], }, # possible action options (white list) Action => { AgentTicketLock => 1, AgentTicketZoom => 1, AgentTicketClose => 1, AgentTicketPending => 0, AgentTicketNote => 1, AgentTicketHistory => 0, AgentTicketPriority => 1, AgentTicketFreeText => 0, AgentTicketHistory => 1, AgentTicketCompose => 1, AgentTicketBounce => 1, AgentTicketTicketPrint => 0, AgentTicketForward => 1, AgentTicketTicketLink => 1, AgentTicketPrint => 1, AgentTicketPhone => 1, AgentTicketCustomer => 1, AgentTicketOwner => 0, }, }, # remove options (black list) PossibleNot => { # possible ticket options (black list) Ticket => { Queue => ['Hotline', 'Koordination'], State => ['closed', 'removed'], }, }, }; |
Script 18.1. Valid parameters for ACLs. |