Testing who has permissions to view a ticket

Is there a way, through webapi calls or iPaaS, that I can test if a particular user has the permissions to view a specific ticket. For example, given the ticket ID 1234 and the user User1, I want to test if the user will see the ticket or the "permission denied" page when trying to view the ticket in TDClient. 

In other words, is there a way to get the list of users who can view a particular ticket? Is there a specific set of rules? For example, by this KB article (https://solutions.teamdynamix.com/TDClient/1965/Portal/KB/ArticleDet?ID=49685), only the requestor, creator, contacts, technicians/admins with the application, and the particular security role can view it. But, from testing, approvers and other users assigned to the ticket in some manner through the workflow can also view the ticket. Is there anybody else that can view the ticket? Are there any exceptions to this?

Use case: I have a form in iPaaS that uses SSO. The user enters a ticket ID and the form displays information on the ticket. I want to check if the logged-in user has access to view the respective TDX ticket before I load the information to the form. I need to ensure that this form allows anyone who can see the ticket in TDX to view the information and to stop anyone who can't (needs to be exact, no guessing or leaving out people). How can I go about doing this?

Asked by Gareth Kmet on Tue 6/25/24 9:51 AM
Sign In to leave feedback or contribute an answer

Answer (1)

This answer has been marked as the accepted answer
Mark Sayers Tue 6/25/24 9:56 AM

Hi Gareth,

The API doesn't have a way to tell you if a specific person has the ability to view a ticket by getting the ticket or anything like that. You'd almost have to do a direct GET of the individual's TDX account to see if they had access to both TDNext and the ticketing app in question. Access to the ticketing app as a whole automatically allows users to be able to access (potentially) any ticket within that ticket app.

Also, those users with Analysis and the security role permission to view all app instances in Analysis could view any ticket in all of your ticket apps.

Sincerely,
Mark Sayers
Sr Support Consultant, CS

No feedback
A requestor of a ticket can always view that ticket through your client portal though. - Mark Sayers Tue 6/25/24 9:57 AM