[rt-users] Proper way to set up a read-only user

Todd Chapman todd at chaka.net
Thu Jun 15 12:28:23 EDT 2006 

On Wed, Jun 14, 2006 at 03:20:42PM -0600, Nick Metrowsky wrote:
> Hi Todd,
> 
> Thank you for writing. Apparently the Privileged global system group has
> Super User and Delegate Rights, plus every other right set up. I tried
> removing all the rights, so just Show Ticket and See Queue were
> available. I was then going to grant more rights on a group by group
> and/or user by user basis for those users who really need them.
> Unfortunately, I cannot revoke Super User and Delegate Rights from the
> Privileged global system group. So, when I create a user, with just See

That is really broken. If you can't do that then all bets are off.

> type rights, they can do anything they want (I did not place them in any
> group other than checking the box "Let this user be granted rights"). By
> the way, when I look in Rights Matrix, everything is set to "Y" for this
> user. I also checked the various queues, and the Privileged group has no
> rights, and the same goes for the user accounts. The privileges are
> assigned only at the global group level. We set up a global group for
> each queue; again the test user was not assigned to any group.
> 
> One other observation, the NULL account, user id #1 is assign the Super
> User privilege, is this supposed be right? I tried to revoke it and RT
> will not let me do it. 

Not sure about that.

> 
> I did not set up RT originally, as the privilege set up was a carry over
> from the RT 2 system. I knew this was a bit of a mess, I just did not
> really know who much a mess it was.
> 
> Anyway, what should be the defaults for the Everyone, Unprivileged and
> Privileged global system groups? Do I need to be logged into a special
> account to revoke Super User and Delegate rights from the Privileged
> global system group? I guess the next question, is this something I
> really want to do?

You need to be logged in as root and make sure root has SuperUser,
then you can revoke rights from Everyone/Priv, and Unpriv. I'm pretty
sure they have no rights by default.

> 
> Any insight would be greatly appreciated.
> 
> Take care!
> 
> Nick
> 
> 
> ------------------------------------------------------------------------
> ---------
> Nick Metrowsky
> Consulting System Administrator
> 303-684-4785 Office
> 303-684-4100 Fax
> nmetrowsky at digitalglobe.com
> DigitalGlobe (r), An Imaging and Information Company
> http://www.digitalglobe.com
> ------------------------------------------------------------------------
> ---------
> 
> -----Original Message-----
> From: Todd Chapman [mailto:todd at chaka.net] 
> Sent: Wednesday, June 14, 2006 2:02 PM
> To: Nick Metrowsky
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Proper way to set up a read-only user
> 
> On Wed, Jun 14, 2006 at 10:22:21AM -0600, Nick Metrowsky wrote:
> > Hi Everyone,
> > 
> >  
> > 
> > I would like to set up users in RT which grant them the rights to view
> > tickets and queues, but they cannot change anything. I would like them
> > to have a user id and password, like privileged users. Is there a way
> to
> > do this? I noticed that the Everyone and Unprivileged user designation
> > allows users to only use the SelfService menu and that is just about
> it.
> > 
> 
> Make them privileged but don't grant them any rights other
> thatn See/Show rights.
> 
> -Todd

More information about the rt-users mailing list