[rt-users] Rights, rights, rights...

Ruslan Zakirov ruz at bestpractical.com
Wed Feb 6 17:46:31 EST 2008


On Feb 6, 2008 6:22 PM, Jean-Sebastien Morisset <jsmoriss at mvlan.net> wrote:
> Hi everyone,
>
> Phew! There are a lot of different ways to setup rights. Our RT 3.6.6
> users are checked against our Active Directory server and created
> automatically. For some reason when someone sends e-mail, and an account
> doesn't already exist for them, the e-mail fails (I guess this is
> because there wasn't a password to authenticate the user). So I had to
> give 'Everyone' some permissions.
>
> Here's what I did... Does anyone see a problem with this?
Several:
* see comments below inlined
* as almost all privileged users have right to reply to tickets then
most probably Ccs and AdminCcs lists of your tickets will be a big
mess. With this right granted directly to groups people don't have to
add themself as watchers (Owner, Ccs, AdminCcs) to reply to a ticket.
That's often result in double replies from different persons, people
don't get notifications as they're not associated with tickets in any
way.

* do you really want to grant all those SeeScrip, Template and bla-bla
to mortals who really don't care about managing RT instance?


>
> Configuration -> Global -> Group Rights:
>
> Everyone
>   AssignCustomFields
drop this

>   CreateTicket
>   SeeCustomField
>
> Privileged
>   AssignCustomFields
drop this, most probably you want to leave it for admins only

>   CreateSavedSearch
>   CreateTicket
>   EditSavedSearches
>   LoadSavedSearch
>   ModifySelf
>   SeeCustomField
>   SeeGroup
>   SeeQueue
>   ShowSavedSearches
>   ShowTicket
>   Watch
>
> Requestor
>   AssignCustomFields
drop this!

>   CreateSavedSearch
drop this, makes not much sense

>   CreateTicket
drop this. useless

>   EditSavedSearches
>   LoadSavedSearch
drop both

>   ModifySelf
drop this

>   ReplyToTicket
>   SeeCustomField
>   SeeGroup
drop this

>   SeeQueue
drop this

>   ShowSavedSearches
drop this

>   ShowTicket
>
> User defined groups: Management
>   AssignCustomFields
>   CommentOnTicket
>   CreateSavedSearch
>   CreateTicket
>   EditSavedSearches
>   LoadSavedSearch
>   ModifyQueueWatchers
>   ModifySelf
>   ModifyTicket
>   OwnTicket
>   ReplyToTicket
>   SeeCustomField
>   SeeGroup
>   SeeQueue
>   ShowACL
>   ShowOutgoingEmail
>   ShowSavedSearches
>   ShowScrips
>   ShowTemplate
>   ShowTicket
>   ShowTicketComments
>   StealTicket
>   TakeTicket
>   Watch
>   WatchAsAdminCc
>
> User defined groups: RT-Admin
>   AdminAllPersonalGroups
>   AdminCustomField
>   AdminGroup
>   AdminGroupMembership
>   AdminOwnPersonalGroups
>   AdminQueue
>   AdminUsers
>   AssignCustomFields
>   CommentOnTicket
>   CreateSavedSearch
>   CreateTicket
>   DelegateRights
>   DeleteTicket
>   EditSavedSearches
>   LoadSavedSearch
>   ModifyACL
>   ModifyCustomField
>   ModifyOwnMembership
>   ModifyQueueWatchers
>   ModifyScrips
>   ModifySelf
>   ModifyTemplate
>   ModifyTicket
>   OwnTicket
do you really want your admins to own tickets? then add them to two
groups instead of granting them this right. People often make mistakes
and add admins as owners when really they don't care at all about
tickets.

>   ReplyToTicket
the same as above and other rights like StealTicket

>   SeeCustomField
>   SeeGroup
>   SeeQueue
>   ShowACL
>   ShowConfigTab
>   ShowOutgoingEmail
>   ShowSavedSearches
>   ShowScrips
>   ShowTemplate
>   ShowTicket
>   ShowTicketComments
>   StealTicket
>   TakeTicket
>   Watch
>   WatchAsAdminCc
>
> Queue specific rights are given for groups by queue...
>
> Configuration -> Queues -> Unix -> Group Rights:
>
> User defined groups: Unix
>   AssignCustomFields
>   CommentOnTicket
>   CreateTicket
>   ModifyTicket
>   OwnTicket
>   ReplyToTicket
>   SeeQueue
>   ShowACL
>   ShowOutgoingEmail
>   ShowScrips
>   ShowTemplate
>   ShowTicket
>   ShowTicketComments
>   StealTicket
>   TakeTicket
>   Watch
>   WatchAsAdminCc
>
> Thanks!
> js.
> --
> Jean-Sebastien Morisset, Sr. UNIX Administrator <jsmoriss at mvlan.net>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>



-- 
Best regards, Ruslan.



More information about the rt-users mailing list