1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
|
<?xml version='1.0' encoding='ISO-8859-1'?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<!-- $Id: acl.xml,v 1.2 2007/04/20 13:09:44 cs Exp $ -->
<chapter id="acl">
<title>Access Control Lists (ACLs)</title>
<para>
Seit OTRS 2.0 knnen Access Control Lists (ACLs) verwendet werden, um den
Zugriff auf Tickets, Module, Queues, usw. zu steuern bzw. um in bestimmten
Situationen Aktionen auf Tickets (schlieen, verschieben, usw.) zu
beeinflussen. ACLs knnen als Ergnzung zum bestehenden Berechtigungssystem
der
<link linkend="adminarea-roles">
Rollen
</link>
und
<link linkend="adminarea-groups">
Gruppen
</link>
verwendet werden, mit ACLs lassen sich , basierend auf Ticket-Attributen,
rudimentre Workflows innerhalb des Systems abbilden.
</para>
<para>
ACLs knnen noch nicht ber das
<link linkend="adminarea-sysconfig">
SysConfig-Interface
</link>
erstellt werden, sie mssen direkt in die Datei
<filename>Kernel/Config.pm</filename> eingetragen werden. Im folgenden
einige Beispiele:
</para>
<para>
<example id='acl-move'>
<title>ACL, die das Verschieben von Tickets in eine Queue nur bei einer
Ticket-Prioritt von 5 erlaubt</title>
<programlisting>
# ticket acl
$Self->{TicketAcl}->{'ACL-Name-2'} = {
# match properties
Properties => {
# current ticket match properties
Ticket => {
Queue => ['Raw'],
Priority => ['5 very high'],
}
},
# return possible options (white list)
Possible => {
# possible ticket options (white list)
Ticket => {
Queue => ['Alert'],
},
},
};
</programlisting>
</example>
</para>
<para>
<example id="acl-close">
<title>ACL, die das Schlieen von
Tickets in der raw Queue verbietet und den Schlieen-Schalter ausblendet</title>
<programlisting>
$Self->{TicketAcl}->{'ACL-Name-1'} = {
# match properties
Properties => {
# current ticket match properties
Ticket => {
Queue => ['Raw'],
}
},
# return possible options (white list)
Possible => {
# possible ticket options (white list)
Ticket => {
State => ['new', 'open', 'pending reminder'],
},
# possible action options
Action => {
AgentTicketLock => 1,
AgentTicketZoom => 1,
AgentTicketClose => 0,
AgentTicketPending => 1,
AgentTicketNote => 1,
AgentTicketHistory => 1,
AgentTicketPriority => 1,
AgentTicketFreeText => 1,
AgentTicketHistory => 1,
AgentTicketCompose => 1,
AgentTicketBounce => 1,
AgentTicketTicketPrint => 1,
AgentTicketForward => 1,
AgentTicketTicketLink => 1,
AgentTicketPrint => 1,
AgentTicketPhone => 1,
AgentTicketCustomer => 1,
AgentTicketOwner => 1,
},
},
};
</programlisting>
</example>
</para>
<para>
<example id="acl-state">
<title>ACL, die den Status fr alle Agenten entfernt und Ihn nur noch fr
eine Gruppe zur Verfgung stellt</title>
<programlisting>
$Self->{TicketAcl}->{'ACL-Name-5'} = {
# match properties
Properties => {
# current ticket match properties (match always)
},
# return possible options
PossibleNot => {
# possible ticket options
Ticket => {
State => ['closed successful'],
},
},
};
</programlisting>
</example>
</para>
<para>
Im folgenden eine Liste aller Parameter, die fr ACLs verwendet werden knnen:
</para>
<para>
<programlisting>
# ticket acl
$Self->{TicketAcl}->{'ACL-Name-Test'} = {
# match properties
Properties => {
# current action match properties
Frontend => {
Action => ['AgentTicketPhone', 'AgentTicketEmail'],
},
# current user match properties
User => {
Group_rw => [
'hotline',
],
},
# current user match properties
Ticket => {
Queue => ['Raw'],
State => ['new', 'open'],
Priority => ['some priority'],
Lock => ['lock'],
CustomerID => ['some id'],
CustomerUserID => ['some id'],
TicketFreeKey1 => ['some key'],
TicketFreeKey2 => ['some key'],
# ...
TicketFreeKey8 => ['some key'],
TicketFreeText1 => ['some value'],
TicketFreeText2 => ['some value'],
# ...
TicketFreeText8 => ['some value'],
}
},
# return possible options (white list)
Possible => {
# possible ticket options (white list)
Ticket => {
Queue => ['Hotline', 'Koordination'],
State => => ['some state'],
Priority => ['5 very high'],
TicketFreeKey1 => ['some key'],
TicketFreeKey2 => ['some key'],
# ...
TicketFreeKey8 => ['some key'],
TicketFreeText1 => ['some value'],
TicketFreeText2 => ['some value'],
# ...
TicketFreeText8 => ['some value'],
},
# possible action options (white list)
Action => {
AgentTicketLock => 1,
AgentTicketZoom => 1,
AgentTicketClose => 1,
AgentTicketPending => 0,
AgentTicketNote => 1,
AgentTicketHistory => 0,
AgentTicketPriority => 1,
AgentTicketFreeText => 0,
AgentTicketHistory => 1,
AgentTicketCompose => 1,
AgentTicketBounce => 1,
AgentTicketTicketPrint => 0,
AgentTicketForward => 1,
AgentTicketTicketLink => 1,
AgentTicketPrint => 1,
AgentTicketPhone => 1,
AgentTicketCustomer => 1,
AgentTicketOwner => 0,
},
},
# remove options (black list)
PossibleNot => {
# possible ticket options (black list)
Ticket => {
Queue => ['Hotline', 'Koordination'],
State => ['closed', 'removed'],
},
},
};
</programlisting>
</para>
</chapter>
|
