[rt-users] Group Rights on System Groups & Role Groups

Stephen Turner sturner at MIT.EDU
Tue Apr 24 12:01:14 EDT 2007


Hello all,

Something came up recently that I'm surprise I haven't noticed before.

In our RT system, we distribute queue administration to the business 
owners of the queues, and a queue admin recently reported that on the 
Group Rights screen for his queue, he could not see any groups listed 
under System Groups or Roles.

What this means is that he can't see the full picture of group access 
to his queue - for example he can't see that Everyone has 
CreateTicket in his queue.

Digging into the code shows me that the SeeGroup privilege controls 
what groups you see on the GroupRights page, and apparently nobody 
(except super users) have this privilege on the system groups or role 
groups. I presume this is the RT default, as we haven't fiddled with this.

So next I hunted for a config screen that would allow me to set 
access on these special groups, but I couldn't find one. I can hack 
the group-rights-on-a-group URL with the special group's IDs, but 
that doesn't feel quite kosher. I started wondering why this function 
was hidden, and if I'm causing problems for myself if I give SeeGroup 
on the Everyone, Privileged, AdminCc etc groups to all my privileged RT users.

Any thoughts or advice? Anyone encountered this before?

Thanks,
Steve


Stephen Turner
Senior Programmer/Analyst - Client Support Services
MIT Information Services and Technology (IS&T)





More information about the rt-users mailing list