[rt-users] Rights, rights, rights...
Jean-Sebastien Morisset
jsmoriss at mvlan.net
Thu Feb 7 10:09:54 EST 2008
On Wed, Feb 06, 2008 at 11:19:48AM -0800, Kenneth Crocker wrote:
>
> Whew! You have really given a lot of people a lot of rights.
Kenneth and Ruslan,
Thanks for your feedback! I did a lot of testing, and wasn't sure if you
inherited rights or not, so many of the basic rights were duplicated.
Thanks for explaining that bit. :-)
Ok, so a brief description of our processes is in order... It's very
simple really... Anyone can open a ticket. Requestors should be able to
view and reply to their own ticket. Anyone else should be able to view
all tickets, add themselves as CC, but not modify tickets that aren't
theirs. We have 3-4 queues, and most of the requests will be coming in
by e-mail, sorted (by procmail), and a ticket opened in the appropriate
queue. Specific groups, like "Telecom" for example, have privileges to
work on tickets in their own queue (also called "Telecom"). They should
also be able to transfer tickets to other queues in case someone sent
their e-mail to the wrong queue. The "Management" group should have the
ability to modify any ticket in any queue.
So, in a nutshell, that's about it.
After your comments, I made the following adjustments:
Configuration -> Global -> Group Rights:

  Everyone
    CreateTicket
    SeeCustomField

  Privileged
    CreateSavedSearch
    CreateTicket
    EditSavedSearches
    LoadSavedSearch
    ModifySelf
    SeeCustomField
    SeeGroup
    SeeQueue
    ShowSavedSearches
    ShowTicket
    Watch

  User defined groups: Management
    ModifyQueueWatchers
    ModifyTicket
    OwnTicket
    ReplyToTicket
    ShowACL
    ShowOutgoingEmail
    ShowScrips
    ShowTemplate
    ShowTicketComments
    StealTicket
    TakeTicket
    WatchAsAdminCc

There's also an RT-Admin group to manage users and RT configs:

  RT-Admin
    AdminAllPersonalGroups
    AdminCustomField
    AdminGroup
    AdminGroupMembership
    AdminOwnPersonalGroups
    AdminQueue
    AdminUsers
    AssignCustomFields
    ModifyACL
    ModifyCustomField
    ModifyOwnMembership
    ModifyQueueWatchers
    ModifyScrips
    ModifyTemplate
    ModifyTicket
    ShowACL
    ShowConfigTab
    ShowOutgoingEmail
    ShowSavedSearches
    ShowScrips
    ShowTemplate
    ShowTicket
    ShowTicketComments

For each Queue ("Telecom" in this example), I have additional rights for
the associated group. I've specified some AdminCCs by default because
we're transitioning from an e-mail based process. Eventually I'll remove
the AdminCCs and create a Scrip/Template to e-mail the group members
when a ticket is created in their queue. After that it'll be up to them
to decide if they want to own the ticket or add themselves as Ccs or
AdminCcs.

Configuration -> Queues -> Telecom -> Watchers:

  Administrative Cc:
    Telecom
    Management

Configuration -> Queues -> Telecom -> Group Rights:

  User defined groups: Telecom
    CommentOnTicket
    ModifyTicket
    OwnTicket
    ReplyToTicket
    ShowOutgoingEmail
    ShowTicketComments
    StealTicket
    TakeTicket
    WatchAsAdminCc

BTW, I appreciate your time with this. The faster I can tweak this
config, the better chance it'll be adopted. Our current e-mail based
process has to go... :-)
I should also mention that I've configured the ___Approval queue. For
some reason it's showing up on the user's home page. I thought the
___Approval queue would be hidden... Should it be?
I'm still tweaking the approval process. There are some conflicts between
the global scrips and the approval queue scrips. For example, the global
scrip "On Create Notify AdminCcs with template Transaction" and the
___Approval queue scrip "On Create Notify AdminCcs with template New
Pending Approval". It looks like I'll have to move that global scrip
into each queue instead to avoid duplicate e-mails with the ___Approval
queue.
Thanks!
js.
--
Jean-Sebastien Morisset, Sr. UNIX Administrator <jsmoriss at mvlan.net>
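
An added example, not part of the original post: a small Python audit of the grants listed in the message, flagging rights a group already inherits and listing which groups hold a given right in a queue. It assumes Privileged users inherit from Everyone, that members of Management, RT-Admin and Telecom are all Privileged users, and that global rights apply in every queue; GLOBAL, QUEUE, PARENTS and the helper functions are hypothetical names.

```python
# Grants copied from the lists in the post. PARENTS (who inherits from whom) is
# an assumption, not something the post states.
def r(names):
    return set(names.split())

GLOBAL = {
    "Everyone": r("CreateTicket SeeCustomField"),
    "Privileged": r("CreateSavedSearch CreateTicket EditSavedSearches LoadSavedSearch "
                    "ModifySelf SeeCustomField SeeGroup SeeQueue ShowSavedSearches "
                    "ShowTicket Watch"),
    "Management": r("ModifyQueueWatchers ModifyTicket OwnTicket ReplyToTicket ShowACL "
                    "ShowOutgoingEmail ShowScrips ShowTemplate ShowTicketComments "
                    "StealTicket TakeTicket WatchAsAdminCc"),
    "RT-Admin": r("AdminAllPersonalGroups AdminCustomField AdminGroup "
                  "AdminGroupMembership AdminOwnPersonalGroups AdminQueue AdminUsers "
                  "AssignCustomFields ModifyACL ModifyCustomField ModifyOwnMembership "
                  "ModifyQueueWatchers ModifyScrips ModifyTemplate ModifyTicket ShowACL "
                  "ShowConfigTab ShowOutgoingEmail ShowSavedSearches ShowScrips "
                  "ShowTemplate ShowTicket ShowTicketComments"),
}
QUEUE = {"Telecom": {"Telecom": r("CommentOnTicket ModifyTicket OwnTicket ReplyToTicket "
                                  "ShowOutgoingEmail ShowTicketComments StealTicket "
                                  "TakeTicket WatchAsAdminCc")}}
PARENTS = {"Everyone": [], "Privileged": ["Everyone"], "Management": ["Privileged"],
           "RT-Admin": ["Privileged"], "Telecom": ["Privileged"]}

def ancestors(group):
    """Every group whose rights `group` inherits, nearest first."""
    out = []
    for parent in PARENTS[group]:
        out += [parent] + ancestors(parent)
    return out

def effective(group, queue=None):
    """Global rights of the group and its ancestors, plus queue grants if given."""
    rights = set()
    for g in [group] + ancestors(group):
        rights |= GLOBAL.get(g, set())
        if queue is not None:
            rights |= QUEUE.get(queue, {}).get(g, set())
    return rights

def redundant(group, queue=None):
    """Direct grants that the group would hold anyway through inheritance."""
    if queue is None:
        direct = GLOBAL.get(group, set())
        inherited = set().union(*(GLOBAL.get(a, set()) for a in ancestors(group)))
    else:
        direct, inherited = QUEUE[queue].get(group, set()), effective(group)
    return sorted(direct & inherited)

def holders(right, queue=None):
    """Groups that end up with `right`, globally or in one queue."""
    return sorted(g for g in PARENTS if right in effective(g, queue))
```

Under those assumptions, `redundant()` reports grants that could be dropped without changing anyone's access, and `holders()` shows every group that ends up with a right in a queue.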