[rt-users] group rights do not work
Chris O'Kelly
Chris.okelly at minecorp.com.au
Thu Sep 27 18:34:24 EDT 2012
Hi,
I think it sounds as though there are other rights set up beside this one, possibly globally configured ones. I can't say for sure without seeing your setup, but here's the cases I can think of that would cause this rights scenario:
-In Tools>Configuration>Global>User Rights : MMTECH has been assigned the SeeQueue (View Queue) right.
-In Tools>Configuration>Global>Group Rights : MMTECH has been assigned the SeeQueue (View Queue) right.
-In Tools>Configuration>Global>Group Rights : MMTECH has been assigned the SeeQueue (View Queue) right.
-In Tools>Configuration>Global>Group Rights : Everyone has been assigned the SeeQueue (View Queue) right.
-In Tools>Configuration>Global>Group Rights : Privileged has been assigned the SeeQueue (View Queue) right.
-In Tools>Configuration>Global>Group Rights : AdminCC has been assigned the SeeQueue (View Queue) right, and the MMTECH user is set up as AdminCC on the other queues (unlikely?).
-In Tools>Configuration>Queues>[The other queues]>[User|Group] Rights : MMTECH (user or group) has been assigned the SeeQueue (View Queue) right (unlikely?).
Essentially, for a given queue, one can see it given that :
User is Privileged, and [
User has SeeQueue right in that queue's User Rights section or
User is in a group/role that has been assigned the SeeQueue right in that queue's Group Rights or
User has SeeQueue right in global configuration User Rights or
User is in a group/role that has been assigned the SeeQueue right in global configuration or
User (Or a group they are in) has been assigned the SuperUser right in global configuration
]
I think it's most likely you've made the same mistake I did starting out with RT rights - I thought a user first needed the global SeeQueue right for the queue-specific SeeQueue rights to take effect, so I gave Everyone SeeQueue globally then planned to also give it in specific queues for particular groups. Really though a user just needs the right anywhere up the line from their current context.
Regards
Chris O'Kelly
Web Administrator
Minecorp Australia
37 Murdoch Circuit
Acacia Ridge QLD 4110
minecorp.com.au<http://www.minecorp.com.au>
P: 07 3723 1000
M: 0450 586 190
E: Chris.okelly at minecorp.com.au<mailto:Chris.okelly at minecorp.com.au>
S: chris.okelly.mvs<http://skype.com>
[http://i50.tinypic.com/53qp8j.gif]
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Tim Dunphy
Sent: Friday, 28 September 2012 2:33 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] group rights do not work
>You've misunderstood Privileged vs Unprivileged.
>Privileged users have access to the full RT UI, Unprivileged users
>will always be redirected to the SelfService UI.
>Privileged users do not "see everything" in RT. They see only what
>they are assigned rights for (otherwise how could you limit Privileged
>staff users to only working in a single Queue).
>If you want a user to see RT At a Glance, they must be Privileged.
Great! Thanks for the clarification. Really the only issue I want to address is that when the mmtest user sees the full UI the '10 newest unowned tickets' displays tickets from all queues. That's why I thought that the user being privileged gave a user access to 'everything'.
[cid:image001.png at 01CD9D52.399A1210]
Sorry if this is a rather basic question, but how would I get the 'mmtest' user (who is now privileged) to see only tickets from the MMTECH queue and not see any tickets at all from the Ops queue in their '10 Newest Unowned Tickets'?
Lastly in 'Queues I administer' how can I limit the members of the mmtech group to only administer that queue?
[cid:image002.png at 01CD9D52.399A1210]
thanks
Tim
On Thu, Sep 27, 2012 at 12:14 PM, Kevin Falcone <falcone at bestpractical.com<mailto:falcone at bestpractical.com>> wrote:
On Thu, Sep 27, 2012 at 11:57:55AM -0400, Tim Dunphy wrote:
> No the mmtest user is not setup as privileged. This is is intentional. Because unless I'm
> mistaken (and I'll be the first one to admit I might be) a privileged user will see all queues
> in addition to their own.
You've misunderstood Privileged vs Unprivileged.
Privileged users have access to the full RT UI, Unprivileged users
will always be redirected to the SelfService UI.
Privileged users do not "see everything" in RT. They see only what
they are assigned rights for (otherwise how could you limit Privileged
staff users to only working in a single Queue).
If you want a user to see RT At a Glance, they must be Privileged.
-kevin
> The goal here is to get a non privileged user to see only their
> queue and also I'd like it if they could see their dashboard as well. But let me ask a stupid
> question if I may. Is this all that an unprivileged user is supposed to see? I thought even an
> unprivileged user given the appropriate rights should be able to see elements like '10 newest
> tickets I own', 'My reminders' , 'quick ticket creation' and etc. But instead this is all the
> mmtest user can see:
>
--------
Final RT training for 2012 in Atlanta, GA - October 23 & 24
http://bestpractical.com/training
We're hiring! http://bestpractical.com/jobs
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net<http://pool.sks-keyservers.net> --recv-keys F186197B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120928/c74f1b74/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 53074 bytes
Desc: image001.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120928/c74f1b74/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 10621 bytes
Desc: image002.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120928/c74f1b74/attachment-0001.png>
More information about the rt-users
mailing list