If you want to lock down your OneDesk account to limit what your users can see and do in OneDesk, there are a few things to consider:
Projects – The Unit of Sharing
The mechanism to prevent your users from seeing specific data within your account is a straightforward one. If you don’t want a user to see some tasks or tickets, then do not share the project with them. For this reason, some OneDesk setups direct new tickets to a project they have designated catch all incoming tickets before they are triaged.
Each user will only see tickets or tasks within a project if the project is shared with them. Therefore, to differentiate data-access between users, it is simply a matter of sharing your projects with the correct people.
If you are an Administrator you will also not see projects that you are not a member of, but you can join these projects without being invited. Non-Administrators can only gain access by being invited by the Project Manager of that project.
Customers may also be granted access to the contents of projects. To do this set the correct settings on the customer portal, and add the customer to the project.
Organization-Level Permissions
Not every user needs to have the same permissions in your account. Access these options from the individual user’s profile. Here are the access rights you can control:
Application Access: This controls which applications will be visible for the user. The options are:
- Administrator (all applications): Can do everything and access all data. You can have multiple administrators.
- Non-administrator: Can have permissions on a per-application basis. The applications you can configure access to are: Tickets, Tasks, Timesheets, Customers, Users, Projects, Analytics, Messenger, Financials.
- Each of these applications has different access types depending on the application. In Tickets a non-admin user can have Full Access or Limited Access. Full access has no restrictions to the Tickets application. Limited access hides the tickets application from the user, the user also cannot create or delete tickets.
Project-Level Roles
Once a project is shared with a user, you can also limit what they can do within the project by giving them a project-role. Here they are:
- Project Manager – Full access to all data and permissions in the project, can add or remove members and change project roles
- Project Lead – Full access to all data and permissions in the project, cannot add or remove members and change project roles
- Standard Member – Can access all data in the project but can only modify items they have created or have assigned to them, can participate in any discussions in the project
- Restricted Member – Can access all data in the project but cannot modify it, can participate in any discussions in the project
We recommend that you grant the highest level of role that you are comfortable with. If not, then your administrators will spend time granting their users different permissions in different projects when users encounter things they are prevented from doing.