[rt-users] skip the queue selection for unprivileged users

Kenneth Crocker kfcrocker at lbl.gov
Thu Oct 6 11:37:32 EDT 2011


Izz,

check out what rights you have granted at the Queue level. Go to each Queue
and see what you did. Any of them could have granted "SeeQueue" and
"CreateTicket" granted to Everyone or unprivileged.

Kenn
LBNL

On Thu, Oct 6, 2011 at 8:04 AM, Izz Abdullah <Izz.Abdullah at hibbett.com>wrote:

> Interesting...I have 26 rows, all principal types of group.  Of that, there
> are 9 unique principal ids.  If I add the 3 system groups and our 6 user
> groups, we have 9.  Thanks for the sql...I'll look around and see why these
> have that right, where it came from, and I'll post back.
>
> -----Original Message-----
> From: ruslan.zakirov at gmail.com [mailto:ruslan.zakirov at gmail.com] On Behalf
> Of Ruslan Zakirov
> Sent: Thursday, October 06, 2011 9:49 AM
> To: Izz Abdullah
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] skip the queue selection for unprivileged users
>
> Hi,
>
> Unprivileged users still can be in some groups. Use SELECT * FROM ACL
> WHERE RightName  = 'SeeQueue'; This may give you a clue.
>
> On Thu, Oct 6, 2011 at 3:59 PM, Izz Abdullah <Izz.Abdullah at hibbett.com>
> wrote:
> > That is what I thought, but I can only 'see' the privileged users in the
> web UI since we are using LDAP authentication.  So if I go instead to
> Tools->Configuration->Global->Group Rights, I have already removed the
> rights for 'Everyone' and 'Unprivileged'.  These two groups have no rights
> at all at the global level.  The user groups we have defined are limited to
> privileged users, so this is why I am stumped removing the rights hasn't
> solved my problem.
> >
> > -----Original Message-----
> > From: ruslan.zakirov at gmail.com [mailto:ruslan.zakirov at gmail.com] On
> Behalf Of Ruslan Zakirov
> > Sent: Thursday, October 06, 2011 8:54 AM
> > To: Izz Abdullah
> > Cc: rt-users at lists.bestpractical.com
> > Subject: Re: [rt-users] skip the queue selection for unprivileged users
> >
> > Hi,
> >
> > Then SeeQueue and CreateTicket is granted to too many users.
> >
> > On Thu, Oct 6, 2011 at 3:44 PM, Izz Abdullah <Izz.Abdullah at hibbett.com>
> wrote:
> >> So I have removed all the rights from a 3.8.4 migrated database into
> 4.0.2
> >> for unprivileged users on all queues except the ‘General’ queue.  I also
> >> have set in the SiteConfig file the DefaultQueue to “General”, but
> >> unprivileged users still receive a screen for ‘Queue selection’ when
> >> creating a new ticket, AND it allows them to create tickets in queues
> other
> >> than the General queue.
> >>
> >>
> >>
> >> I am a bit stumped on this.  If I have removed the permissions, why can
> >> unprivileged users still see and create tickets in other queues?
> >>
> >>
> >>
> >> We have, for example Queue1, Queue2, Queue3, etc.
> >>
> >> I don’t want them to see or access Queue1 – QueueN, but ONLY the General
> >> Queue.
> >>
> >> --------
> >> RT Training Sessions (http://bestpractical.com/services/training.html)
> >> *  San Francisco, CA, USA — October 18 & 19, 2011
> >> *  Washington DC, USA — October 31 & November 1, 2011
> >> *  Barcelona, Spain — November 28 & 29, 2011
> >>
> >
> >
> >
> > --
> > Best regards, Ruslan.
> > --------
> > RT Training Sessions (http://bestpractical.com/services/training.html)
> > *  San Francisco, CA, USA  October 18 & 19, 2011
> > *  Washington DC, USA  October 31 & November 1, 2011
> > *  Barcelona, Spain  November 28 & 29, 2011
>
>
>
> --
> Best regards, Ruslan.
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> *  San Francisco, CA, USA  October 18 & 19, 2011
> *  Washington DC, USA  October 31 & November 1, 2011
> *  Barcelona, Spain  November 28 & 29, 2011
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111006/cd77e3d3/attachment.htm>


More information about the rt-users mailing list