Agent permissions can be used to control how your agents use the system and which areas they have access to.
Agent permissions are held under their settings. These can be set by roles (e.g. Standard User or Administrator), roles are used to determine agent permissions in bulk. There is a hierarchy to these permissions, with inherited permissions (those from a role) having a lower priority than those directly changed in the agent configuration:
Specifically, if an agent has "Read Only" access inherited from a role and you elevate that permission to a higher level of access, changing the role to "No Access" will not affect that agent's access.
Similarly if a role grants read only permission to customers for example but you wish to revoke their access, you will have to alter the role. You cannot lower their access below that of any role they hold.
Under Configuration > Teams and Agents > Agents and clicking on any given agent will take you to their settings. Head to the permissions tab.
The general permissions speak for themselves, indicating administrator status and whether they can edit their own preferences.
The feature permissions are for access to the global areas accessible in the left hand navigation pane. These directly relate to the modules you have enabled in the configuration.
The tickets permissions dictate how any given agent may interact Halo tickets:
Can add new Tickets - Able to add new tickets to their respective teams and areas
Can view Unassigned Tickets - For any team which the agent belongs they can view unassigned tickets.
Can view Tickets that are assigned to other Agents - Similarly can view tickets for other agents in their teams.
If this is denied, they can only see themselves in any of their teams.
Can change a Ticket's Ticket Type - For any tickets they can view, they can change the ticket type.
Can Re-assign Tickets - Similar to above and allows reassigning of tickets.
Can Edit Advanced Ticket Details - This allows the agent to view and edit ticket details/options normally restricted to administrators.
An example is 'Exclude from SLA' which will strip all SLA information from a ticket.
Editing of Actions - Allows the agent to edit their actions within tickets.
Can Edit All Actions - Allows the editing of actions by other agents.
Can Delete Tickets - As it describes.
The lower set of permissions relate to other areas of Halo.
Ticket type restrictions are the only ticket types accessible to the agent; if none are selected then all are accessible, similarly with the client restrictions.
A new "Access Control" button will now show on the Ticket Type, Outcome, Approval Process and Workflow config screens.
This allows you to assign Modify or Owner access to a Role or Agent for the object.
Agents which have Modify or Owner access to an entity will have access to a "My Config" area if they are not an administrator. This allows them to edit the objects they have this access for. If they are an Owner, they will also have access to delete the object and assign permissions to the object.
A permission has also been added called "Allow creation of new Ticket Types and linked objects". If this is granted to an Agent they will get access to config to be able to create new Ticket Types, Actions, Approval Processes and Workflows.
The other permissions are self-explanatory, with password fields relating directly to the password type of field available in Halo. If this is set to not visible then any field with the data type 'Password' will not be visible to the agent.