Hello, I've installed otrs and having some things to configure, I'd like to be sure I understand the queues/groups/agents/customer permission system correctly. * A queue is associated to a Group * each agent can be associated to groups with a set of permissions (ro, create, ..., rw) * when there are more and more Queues, Groups and Agents, it is easier to create roles * each role can be associated to groups with a set of permissions (ro, create, ..., rw) * just associate a user with a role, and he gets the role's permissions Is this correct ? When you want to authorize reading to a queue or ticket creation in it, you have to give the user ro or create permission to the group the queue belongs to, isn't it ? Now, I have : * a queue for our IT staff (10 agents), let's call it "ITqueue". It belongs to group "IT". * 300 customers in our ldap backend, which all belong to group "Clients" ( $Self->{CustomerGroupAlwaysGroups} = ['Clients']; ) I would like to give these customers read and create rights on the "ITqueue", but can't figure how. I think I should associate them all to a role ("Client") that would have ro & create rights on group "IT", but how would I automatically give this role to all these 300 customers ? By the way, I use otrs 2.2.4 Would anybody have an idea ? Thanks in advance, -- Mikael Kermorgant