OTOBO / Znuny – Groups, Roles & Agents
OTOBO is a flexible and scalable ticket system distinguished by its fine-grained permission management. Through the targeted use of Groups, Roles, and Agents, you can streamline processes, clearly define responsibilities, and enhance system security in your company.
Overview of Relationships
Below is a schematic diagram illustrating the fundamental relationships between agents, groups, roles, queues, customers, and customer users in OTOBO.
OTOBO Groups
Groups are the core of access control. They bundle users together and define which functions and queues they have access to by default.
Standard Groups & Default Assignments
In its default state, OTOBO comes with several predefined groups. You can use these directly or adapt them as templates for your own groups.
Default Customer-User Groups
These groups control which customer users have which access rights to customer portals and data.
Default customer user groups in OTOBO
Dynamic Field Preferences Groups
These groups allow for the implementation of dynamic field preferences per user group.
Example of dynamic field preferences
Default Customer Groups
Standard groups used on the customer side to structure tickets and requests.
Predefined customer groups after installation
Overall Overview: Groups, Roles & Agents
Overview of the interaction of all three components in the system context.
Diagram: Interaction of Groups, Roles, and Agents
Adding & Managing Groups
Creating and maintaining groups is done via the Users, Groups & Roles → Groups module.
| Action | Description |
|---|---|
| Add Group | Click the link in the left sidebar, fill in the required fields, click Save. |
| Edit Group | Select the group, change the data, click Save or Save and finish. |
| Deactivate Group | Set Validity to invalid or temporarily invalid. |
| Search | Use the filter field for group names. |
Important Settings for Groups
| Field | Meaning |
|---|---|
| Name | Unique identifier, visible in overviews and selection lists. |
| Validity | Only valid groups can be actively used. |
| Comment | Short description or notes about the group. |
OTOBO Roles
Roles bundle individual permissions into profiles that you can assign to users or groups. This increases clarity and reduces the effort required for permission changes.
Role Assignments & Management
In the Users, Groups & Roles → Roles module, you manage the creation, editing, and deactivation of roles.
Role ↔ Group
Connects a role with one or more groups to delegate permissions.
Interface: Role assignment to groups
Role ↔ Role (Inheritance)
Roles can inherit from each other to modularize permission profiles.
Representation of the role hierarchy
Agent ↔ Role
Agents receive their individual permissions through this assignment.
Assigning roles directly to agents
Agent ↔ Agent (Special Cases)
In special cases, agents can derive specific permissions from each other.
Example: Agent-to-agent permissions
Agent-Role Management
Overview page for the central management of all agent and role assignments.
Central dashboard for agent permissions
Add Role
Creating new roles with predefined permission sets.
Step: Create a new role
Edit Role
Adjusting existing roles, e.g., to add new permissions.
Step: Edit role
Roles ↔ Groups Management
Detailed view for controlling which groups receive which roles.
Section: Fine-grained assignment of groups to roles
Roles Overview
Complete list of all defined roles, including filter and search functions.
Management page for all roles in the system
Add Role
- Add Role in the left sidebar.
- Fill in the role name, validity, and required fields.
- Click Save.
Edit Role
| Step | Action |
|---|---|
| Selection | Click on the role in the list. |
| Adjust | Change fields as needed. |
| Save | Choose Save or Save and finish. |
Important Settings for Roles
| Field | Meaning |
|---|---|
| Name | Visible name in overviews and dropdowns. |
| Validity | Only valid roles can be actively assigned and used. |
| Comment | Optional note about the role. |
Permissions Overview
A complete list of the standard permissions you can use in roles and groups:
| Code | Description |
|---|---|
| ro | Read-only access to tickets. |
| move_into | Move tickets. |
| create | Create tickets. |
| note | Add notes to tickets. |
| owner | Change ticket owner. |
| priority | Adjust ticket priority. |
| rw | Full access to tickets (Read & Write). |
| chat_observer | Chat observer role. |
| chat_participant | Participate in chats (by invitation). |
| chat_owner | Full control over public chats. |
| stats | Access to statistics. |
| bounce | Bounce emails. |
| compose | Compose replies. |
| customer | Change customer information. |
| forward | Forward messages. |
| pending | Mark tickets as pending. |
| phone | Add phone calls to tickets. |
| responsible | Change responsible agent. |
Role ↔ Group Relationships
The following sequence diagram illustrates the assignment flow:
With this additional content and the explanatory captions, each image is meaningfully embedded and clearly explained. Good luck with the rest of your documentation