If you want to lock down your OneDesk account to limit what your users can see and do in OneDesk, there are a few things to consider:
Projects – The Unit of Sharing
The mechanism to prevent your users from seeing specific data within your account is a straightforward one. If you don’t want a user to see some tasks or tickets, then do not share the project with them. For this reason, some OneDesk setups direct new tickets to a project they have designated catch all incoming tickets before they are triaged.
Each user will only see tickets or tasks within a project if the project is shared with them. Therefore, to differentiate data-access between users, it is simply a matter of sharing your projects with the correct people.
If you are an Administrator you will also not see projects that you are not a member of, but you can join these projects without being invited. Non-Administrators can only gain access by being invited by the Project Manager of that project.
Customers may also be granted access to the contents of projects. To do this set the correct settings on the customer portal, and add the customer to the project.
Not every user needs to have the same permissions in your account. Here are the access rights you can control:
Application Access: This controls which applications will be visible for the user. The options are:
- Administrator (all applications): Can do everything and access all data. You can have multiple administrators.
- All-applications: Not administrator but can see all the applications
- Tickets application only: Can see the tickets but not tasks application.
- Tasks application only: Can see the tasks but not tickets application.
Once a project is shared with a user, you can also limit what they can do within the project by giving them a project-role. Here they are:
- Project manager (PM) – They have full access to the projects and can add users to the project (ie. share the project)
- Project Lead (PL) – They have full access but cannot share the project
- Standard member (SM) – They can view everything but can only modify those items created-by or assigned-to themselves.
- Restricted member (RM) – Can view everything within the project, but can only comment on items.
We recommend that you grant the highest level of role that you are comfortable with. If not, then your administrators will spend time granting their users different permissions in different projects when users encounter things they are prevented from doing.