[rt-users] Problems with permissions (bug?)

Markus.Kummer at t-systems.com Markus.Kummer at t-systems.com
Wed May 12 05:38:59 EDT 2010 

Hi Ken ,hi Ruslan,

thank you for your advice.

I know that my rights config seems to be unlogical, so let me explain why I started like this.

At the moment we have two departments working on incident reports in two queues. Both departments cannot see the other departments queue. Sometimes Dep. A needs to give a ticket to dep. B. In this case we follow a special workflow to realize that (Scrips).
Dep. A change the status of a ticket in their queue to "ext" and write a reply. This procedure creates a "child" ticket in the Queue of dep B. Then Dep B works on that ticket. Some activities in the dep B queue cause a syncronization with the ticket in the queue of dep A. After the ticket is "resolved" in dep B the status of the parent ticket in queue of dep A is set to "fixed" and the workflow ends.
This workflow causes a lot of confusion for the users. They forget to write a reply after changing the status to "ext" and so on.
To make it more simple we want to merge the two queues and find another way to seperate the tickets of the two departments.    

What I posted before was the "first try". The intention is that the two departments get exactly one requestor for each queue. So they have to log in as those requestors to see all their tickets. If dep A wants to give a ticket  to dep B it just change the requestor to the one of dep B.

In the second step I want to give rights to the owners of the tickets too. Then the "requestor of dep B" changes the owner to the one who has to work on that ticket.  So if an owner logs in he sees all the tickets he has to work on.

Maybe this is the wrong way but I don't know what else to do.

Ken wrote:
> You granted some rights to Privileged and then granted the same rights again to a couple groups.
The rights for Privileged I just applied because it was adviced in a post to see the Queue in Quicksearch. Actually I don't want rights for privileged users.

Ruslan wrote:
>Sounds like it, but to be sure clean all sessions in the DB. 
Same behaviour after cleaning all sessions.

Best regards,

Markus
============================================
T-Systems International GmbH
SDU Telco NPS
Vorgebirgsstr. 49
53119 Bonn
Tel: + 49 228 9841 3820
E-Mail: markus.kummer at t-systems.com 

T-Systems International GmbH
Aufsichtsrat: René Obermann (Vorsitzender)
Geschäftsführung: Reinhard Clemens (Vorsitzender), Dr. Ferri Abolhassan, Olaf Heyden, Joachim Langmack, Dr. Matthias Schuster, Klaus Werner
Handelsregister: Amtsgericht Frankfurt am Main HRB 55933 Sitz der Gesellschaft: Frankfurt am Main WEEE-Reg.-Nr. DE87523644

-----Ursprüngliche Nachricht-----
Von: ruslan.zakirov at gmail.com [mailto:ruslan.zakirov at gmail.com] Im Auftrag von Ruslan Zakirov
Gesendet: Dienstag, 11. Mai 2010 21:18
An: Kummer, Markus
Cc: rt-users at lists.bestpractical.com
Betreff: Re: [rt-users] Problems with permissions (bug?)

On Tue, May 11, 2010 at 8:47 PM,  <Markus.Kummer at t-systems.com> wrote:
> Dear list,
>
> I'm using rt 3.8.8 and facing problems in setting up permissions for a queue.
>
> What I want is that users see the tickets they have requested in a certain queue only.
> So user A cannot see tickets requested by user B and vice versa.
>
> So I applied the following rights
>
> -> Configuration -> Queues -> Group rights
>
> Roles
>
> Requestor:
>
> - CommentOnTicket

Do you really want requestors to comment and see comments?

> - DeleteTicket
> - ForwardMessage
> - ModifyCustomField
> - ModifyTicket
> - OwnTicket

Requestor can own a ticket? Wierd.

> - ReplyToTicket
> - SeeCustomField
> - ShowOutgoingEmail
> - ShowTicket
> - ShowTicketComments

> - StealTicket
> - TakeTicket

This is wierd as well as OwnTicket.

> - Watch
> - WatchAsAdminCc

This is something wierd too.


>
> User defined groups
>
> 1_rt_eval
>
> - SeeQueue
> - CreateTicket
>
> 2_rt_eval
>
> - SeeQueue
> - CreateTicket
>
> This basically works, but when a user logs in he finds an empty RT at a glance page.
> But searching for his email address gives the expected results.
> So my only problem is that the Queue is not displayed in the Quicksearch.
> After a lot of searching in the mailing list archives I got some hints.
>
> I applied the following rights additionally:
>
> System groups
>
> Privileged:
>
> - SeeQueue
> - CreateTicket
> - ShowTicket
>
> After login the Quicksearch is populated with that queue but all tickets are shown.
> So I removed the ShowTicket right from Privileged (while the user is still logged in). After a reload of the RT at a glance page the user sees the queue in the quicksearch. Following the link shows the correct tickets (the ticket count is wrong but this doesn't matter).
>
> Everything fine so far, but when the user logs out and in again Quicksearch is empty again. This is fully reproducible.
>
> Do I miss something here or is this a bug?

Sounds like it, but to be sure clean all sessions in the DB.

> Thanks for any help!

--
Best regards, Ruslan.

More information about the rt-users mailing list