ACL Reference Guide#

Working with tickets can become a bewildering task. Many options are given to process, or close tickets, even if they are not needed in the current state of a ticket or due to the role of the current agent. Hiding unneeded entries cleans up the menu bar and gets it easier to work with, hiding values from dynamic fields or next queues lowers chance of human error.

We use access control lists (ACL) to restrict agents and customer users on ticket options, allowing only correct and meaningful activities with a ticket. As administrators you can easily generate ACLs in the graphical interface to prevent ticket closure until meeting specific requirements, prevent tickets from being moved to queues before adding the defined information and much more.

A list of all possible match and set criteria:

Match Properties#

You may match Key/Values using Properties Database (Back-end) or Properties (Font-end) matching.

Property

Key

Value

Comments

CustomerUser

UserLogin

some login

UserCustomerID

some customer id

Group_rw

some group (active customer group feature required)

DynamicField


DynamicField_Field1

DynamicField_TicketFreeText2


some key or value
Names must be in DynamicField_<field_name> format.
Values for dynamic fields must always be the untranslated internal data keys specified in the dynamic field definition and not the data values shown to the user.
Using the key is also mandatory for a dynamic field of type database and dynamic field of type webservice.
Frontend

Action

AgentTicket….
CustomerTicket….
Entities are dynamically populated and can be search for by typing.

Owner

UserLogin

some login

Group_rw

some group

Role

some role

Priority

ID

some id

Name

some name

Process

ProcessEntityID

some id

The current process id. Use only with Properties Database.

ActivityEntityID

some id

The current activity id. Use only with Properties Database.

ActivityDialogEntityID

some id

The current activity dialog in use. Use only with Properties.

Queue

QueueID

some id

Name

some name

GroupID

some group id

Used to match multiple queues.

Email

some email address

Used to match multiple queues.

RealName

email address real name

Used to match multiple queues.

Responsible

UserLogin

some login

Group_rw

some group

Role

some role

Service

ServiceID

some id

Name

some name

ParentID

some id

SLA

SLAID

some id

Name

some name

Calendar

some calendar

State

ID

some id

Name

some name

TypeName

some type name

To match multiple states.

TypeID

some id

See table ticket_state_type

Ticket

Queue

some name

State

some name

Priority

some name

Lock

some name

CustomerID

some name

CustomerUserID

some name

Owner

some name

DynamicField_*

some name

NewOwner

login

Prior to Znuny 6.4.4, this would reference the display name.

<other Property>

<other property>

Any other ticket attribute.

Type

ID

some id

Name

some name

User

UserLogin

some login

Group_rw

some group

Role

some role

Configuration Properties#

Configuration properties can be:

Possible (white-listing)

The values entered show exclusive values.

PossibleNot (black-listing)

The values entered show excluded values.

PossibleAdd (for cumulating lists)

The values entered add to previous ACL restrictions. This is generally used in combination with PossibleNot.

Property

Key

Value

Comments

Action

some action (frent-end)

Entities are dynamically populated and can be search for by typing.

ActivityDialogEntityID

some id

Process

some id

Ticket

Any Ticket Property

some name

IDs do not work in the ticket configuration settings. You can set the returnable state, bun not state id, state type, or state type id.