ACL

Overview

The ACL (Access Control Layer) works in conjunction with a user login system to allow or deny a user access to support tickets and various information or features of a ticket.

Adding/Editing

Permissions may be set for individuals or entire groups of users. All members of a group will inherit any permissions set for the group. If a user is a member of multiple groups with ACL settings, the highest permissions will take affect. Take, for example, the following group settings:

Table 1: ACL
Tickets Comments Private Comments
Object Model Read Update Delete Create Read Create Read
dev (111) group yes yes yes yes yes yes yes
support (222) group yes no no yes yes no no

If user "john" is a member of both groups, his permissions will result as follows:

Table 2: Resulting permissions
Tickets Comments Private Comments
Object Model Read Update Delete Create Read Create Read
john (333) user yes yes yes yes yes yes yes

Individual ACL settings take precedence over any other settings. Once again, take the following two groups and their permissions settings. User "john" is a member of both groups. We then add specific permissions settings for "john":

Table 3: ACL
Tickets Comments Private Comments
Object Model Read Update Delete Create Read Create Read
dev (111) group yes yes yes yes yes yes yes
support (222) group yes no no yes yes no no
john (333) user no no no no no no no

The ACL in table 3 will result in the following permissions for user "john":

Table 4: Resulting permissions
Tickets Comments Private Comments
Object Model Read Update Delete Create Read Create Read
john (333) user no no no no no no no

Note: A user will always have read access to tickets they submitted or are assigned to. This will even override any specific ACL settings.