[rt-users] General permissions question

Ruslan Zakirov ruz at bestpractical.com
Mon Oct 25 22:39:02 EDT 2010 

On Fri, Oct 22, 2010 at 5:34 PM, Josh Narins <jnarins at seniorbridge.com>wrote:

>  I have three classes of users, I'm wondering if my privileges/groups
> setup is what RT intends.
>
>
>
> Class 1: Administrators. These three people can do anything.
>
>
Put them in the group.


> Class 2: People who log into RT and own and resolve tickets. Each is only
> going to be working with 1-3 queues out of 10-15 queues total.
>

Not sure how you split things into queues, but if you can organize some
groups that union people that work on particular set of groups then go for
it.

Using groups makes it easier to re-assign people or promote them. A user can
be in several groups and inherit rights from all of them.

Use roles for as much as possible. Usually granting rights via roles even on
global level helps you avoid granting them directly to groups.


> Class 3: People who create tickets via email and don't need to do anything
> but reply via email.
>
>
>
> Right now I'm thinking class 1 and class 2 should be "privileged" users,
> and by AdminCCs on the particular queues they are interested in. In
> addition, the three superusers will have, as a User Right, the "Super User"
> privilege.
>

Anyway use subgroups. If you grand to many rights on top level then some of
people got overwhelmed with ammount of access they have, but don't need.


> Class 3 won't be users which are seen via Configuration->Users. I still
> haven't figured out if they count as "Everybody" or "Unprivileged." I'd like
> them to be able to view any ticket (although I suspect they will rarely use
> such a power) so I'm giving them ShowTicket and ShowComment and a few other
> minor privileges.
>

ShowTicket is enough to see replies, but RT has comments as well. Comments
are protected by ShowComment right and often used for internal dialogs right
in a ticket between privileged users.


> Does that sound about right?
>
>
> *Josh Narins*
>
> Director of Application Development
> SeniorBridge
> 845 Third Ave
> 7th Floor
> New York, NY 10022
> Tel: (212) 994-6194
> Fax: (212) 994-4260
> Mobile: (917) 488-6248
> jnarins at seniorbridge.com
> seniorbridge.com <http://www.seniorbridge.com/>
>
> [image: SeniorBridge]
>
> ------------------------------
> *SeniorBridge Statement of Confidentiality:* The contents of this email
> message are intended for the exclusive use of the addressee(s) and may
> contain confidential or privileged information. Any dissemination,
> distribution or copying of this email by an unintended or mistaken recipient
> is strictly prohibited. In said event, kindly reply to the sender and
> destroy all entries of this message and any attachments from your system.
> Thank you.
>



-- 
Best regards, Ruslan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20101026/ad3b0abe/attachment.htm>

More information about the rt-users mailing list