We experienced that when our agent user writing internal notes, the end user able to view it and screen shot to question us.
This is not suppose to happen and i thought Zendesk doesn't allow end user to view the internal notes!
What exactly the security control applied to internal note? Is that if end user contact happen to be in the CC of the ticket they they are able to view it?
Hi Chai -
The only thing we have taken note is the end user is in the CC, as of how he manage to see the internal note, we can't be sure.
In your "user" above , u mean it's our agent?
> the end user able to view it and screen shot to question us.
Hello Chai, was this a screen shot of the support web interface, or of an email?
Thanks for your reply, but as you can see that the end user able to screenshot the internal note that he has seen in the Zendesk interface. Since the it's highlighted yellow, it's clear that it's an internal note the moment it was screen shot. Correct me if i'm wrong.
Regards,
Chai
Hi Chai,
The only way that end-users can see ticket comments is by viewing the notification emails that are set out on a ticket update with a public comment, or by viewing their ticket in the My Requests section of your Help Center (if it's active). In order to be able to take that screenshot, the user would need to be an agent in your Support instance. End users cannot log in to the agent interface. Is Bryan Rey an agent? Agents can see internal comments on all tickets, even if they are the requester.
It could maybe also be that someone changed the comment to private after it was sent via a trigger in an email.
Hey Andrew!
That was my initial thought as well but, if I'm understanding the situation correctly, that screenshot is of the comment in the agent interface. Which means that an agent (or light agent) took it. That's why I want to clarify whether the requester on this ticket is an agent in their instance.
Chai, in addition to what Jessie asked, could you explicitly confirm that the screen shot that you uploaded here is the exact same screen shot (minus privacy & notations) that your user took? The way you can tell if Bryan is an agent is to search for and view his user record in Zendesk.
Hi Jonathan,
No, Bryan is an end-user, he's not suppose to see our internal note. But he managed to see it and screenshot to question us.
Regards,
Chai
Further to my clarification above, I screen shot the whole conversation above through my agent interface. What you should refer to is the Bryan Rey's response, that he managed to screenshot our internal note as an end-user!
Hi Chai,
Looking at Bryan's screenshot there are a few things I'm thinking:
Some possibilities:
It may be worth asking Bryan where he was able to get the screenshot in order to understand if this was based on access or someone else sharing the details.
We just had something very similar happen as well. One of our agents added some internal notes to a ticket and one of our customer end-users just replied to the internal note in a public reply. Have double checked and confirmed that this user is not an agent or light agent and should not be able to see this under any circumstances. This is a pretty significant issue and I look forward to getting this resolved.
Hey Ben!
Did you check the ticket events to make sure that the agent didn't accidentally submit the comment as public and then change it to private after the fact?
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Hi Chai!
Are you absolutely certain that the comment in question wasn't accidentally added as a public comment, and then turned to a private comment after the fact? You should be able to see whether this is the case by viewing the ticket events. This seems like the most likely scenario, since (as you observed) end users do not get notifications of nor can they see internal ticket comments.