FW: [rt-users] Help - RTFM bugs with Rights ?

Hanson, Dave Dave.Hanson at ogs.state.ny.us
Mon Oct 25 14:53:19 EDT 2004 

Jesse - OK.  Part of the problem was on my end - the user was in a group which had some rights to a class (but wasn't a superuser).  I missed this while learning what each ACL did.  My bad on that one, sorry.

HOWEVER, I still think there are some bugs (or lack of understanding on my part):
- every user, regardless of rights or lack thereof, can see custom fields menu, as well as modify the title and description of custom fields

- SeeClass ACL is needed to see the Custom Fields in an article.  

- SeeClass ACL allows user to create an article in a class which they can see

- ShowCustomField seems to have no value, nor does it appear in the ACL list for individual classes

Here is the latest spreadsheet of ACL's and what they do:


Any help you could provide would be fantastic.  THANKS!!!

-----Original Message-----
From: Jesse Vincent [mailto:jesse at bestpractical.com]
Sent: Tuesday, October 19, 2004 4:32 PM
To: Hanson, Dave
Cc: 'rt-users at lists.bestpractical.com'
Subject: Re: [rt-users] Help - RTFM bugs with Rights ?


What RT rights did your user have? Was he, perhaps, a SuperUser?


On Oct 19, 2004, at 12:18 PM, Hanson, Dave wrote:

> I installed RTFM-2.0.4.tar.gz on top of RT 3.2.2.  Either I am missing 
> something simple, or there are bugs in RTFM with setting rights in 
> RTFM.  We love the product, but this situation makes it difficult to 
> use it for a large population of general users.  We really would love 
> to identify fixes.
>
> 1) I started with a user who had no ACL's for RTFM at all.  I found 
> that I do the following, none of which I think should be possible for 
> a user with no ACL's:
> 	◦ 	see article title and description from overview
> 	◦ 	select article from overview
> 	◦ 	see article history
> 	◦ 	modify article title and description
> 	◦ 	see custom fields
> 	◦ 	modify custom field descriptions, fields, values, etc.
>
>
>
>  2) By adding ACL's individually so that only one ACL was present at 
> any time, the following ACL's made no changes in rights from what was 
> present above in #1
> 	◦ 	AdminClass
> 	◦ 	AdminValues
> 	◦ 	CreateArticle
> 	◦ 	ModifyArticle
> 	◦ 	ShowArticle
> 	◦ 	ShowArticleHistory
> 	◦ 	ShowCustomField
>
> Attached is a spreadsheet mapping rights to ACL's:
>       <<rtfm_privs_chart.xls>>
>  Can these problems be rectified so that we can truly restrict which 
> rights general users have?  THANKS!
> <rtfm_privs_chart.xls>_______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Be sure to check out the RT wiki at http://wiki.bestpractical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rtfm_privs_chart_2.xls
Type: application/vnd.ms-excel
Size: 24064 bytes
Desc: rtfm_privs_chart_2.xls
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20041025/28a2b9aa/attachment.xls>

More information about the rt-users mailing list