Option to set Ticket Organization as None
I have a few use cases where I would like the option to set no organization on some tickets for users that are part of one or more organizations.
Use Case #1: Ticket Visibility / Potential Security Gap
We have organizations that are tied to subscription plans, and when a plan expires, I would like to delete that organization. Sometimes there are still active tickets open on that plan that need to be closed out. If I delete the organization, those ticket will roll to the users new default organization if they have one. Normally, this would be okay, but some of our users may be consulting professionals that work with multiple clients of their own, and we wouldn't want to automatically roll their tickets to another organization by default but would prefer for the ticket to roll into a state where the organization is set to none allowing us to manually resolve the ticket organization as needed. Today the ticket rolls into a new organization, and if organization sharing is turned on, that ticket is now exposed to a larger group of users that may not have been authorized to see that ticket.
Note that the Delete Organization Membership APIs indicate that removing a user's membership, will set their tickets to NULL. This sounded amazing, until I tested it and realized that a second organization would slide in and take over on the ticket once it was NULL.
Allowing for an organization to be set to none would allow for us to prevent a ticket from being seen by users in an organization the ticket was not meant for, and would allow for us to resolve the organization as necessary on our side to make sure that ticket data is accurate. Considering that this is due to a deletion or a membership removal, a default of none would be preferred for us in this case with an option to require setting the Organization before solving the ticket.
Use Case #2
Sometimes our customers want limited visibility to their tickets within their organization. It would be great to have the option to remove the organization on some tickets an to control visibility using the CC field to minimize who can access the ticket and its contents. I would still like to see this ticket in the organization, but I also don't want to create another organization that a customer might submit a ticket under for this situation.
Feature Options
I can see where allowing for an organization to be missing could be problematic. I would love to see options in place that allowed for this to be managed.
- Ideally there is an option to only allow agents to choose no organization for their ticket, but I can see this being an option for end users in some scenarios. I would make this an agent only option.
- When an organization is removed from a ticket by the system (due to deletion, or membership removal) it would be great to have an option to require a new organization be set if the user has another organization available -- but make this assignment manual and required to solve the ticket.
-
Great post and solid details Dan! We have a similar problem to your first case and your proposed solutions would allow us to manage our data and mitigate risk of data being visible where it shouldn't be.
-
I was also reminded that Use Case #1 where a customer can potentially have their ticket details shared with another user that the ticket was unintended for is one of the reasons that organization merging is not a feature. This feels like another area where it would be better to add in a measure to make this feature more secure than to leave it as is in alignment with that decision.
Vous devez vous connecter pour laisser un commentaire.
2 Commentaires