The ACL (Access Control Layer) works in conjunction with a user login system to allow or deny a user access to support tickets and various information or features of a ticket.
Permissions may be set for individuals or entire groups of users. All members of a group will inherit any permissions set for the group. If a user is a member of multiple groups with ACL settings, the highest permissions will take affect. Take, for example, the following group settings:
Tickets | Comments | Private Comments | ||||||
---|---|---|---|---|---|---|---|---|
Object | Model | Read | Update | Delete | Create | Read | Create | Read |
dev (111) | group | yes | yes | yes | yes | yes | yes | yes |
support (222) | group | yes | no | no | yes | yes | no | no |
If user "john" is a member of both groups, his permissions will result as follows:
Tickets | Comments | Private Comments | ||||||
---|---|---|---|---|---|---|---|---|
Object | Model | Read | Update | Delete | Create | Read | Create | Read |
john (333) | user | yes | yes | yes | yes | yes | yes | yes |
Individual ACL settings take precedence over any other settings. Once again, take the following two groups and their permissions settings. User "john" is a member of both groups. We then add specific permissions settings for "john":
Tickets | Comments | Private Comments | ||||||
---|---|---|---|---|---|---|---|---|
Object | Model | Read | Update | Delete | Create | Read | Create | Read |
dev (111) | group | yes | yes | yes | yes | yes | yes | yes |
support (222) | group | yes | no | no | yes | yes | no | no |
john (333) | user | no | no | no | no | no | no | no |
The ACL in table 3 will result in the following permissions for user "john":
Tickets | Comments | Private Comments | ||||||
---|---|---|---|---|---|---|---|---|
Object | Model | Read | Update | Delete | Create | Read | Create | Read |
john (333) | user | no | no | no | no | no | no | no |
Note: A user will always have read access to tickets they submitted or are assigned to. This will even override any specific ACL settings.