js,<br><br>My RightsMatrix RT extension can help with understanding and assigning rights.<br><br>For example you can use it to assign right to a group and then look at individuals in that group to make sure they have the right you assigned and exactly how they got that right.<br>
<br><a href="http://search.cpan.org/author/HTCHAPMAN/RTx-RightsMatrix-0.03.00/lib/RTx/RightsMatrix.pm">http://search.cpan.org/author/HTCHAPMAN/RTx-RightsMatrix-0.03.00/lib/RTx/RightsMatrix.pm</a><br><br>-Todd<br><br><div>
<span class="gmail_quote">On 2/7/08, <b class="gmail_sendername">Jean-Sebastien Morisset</b> <<a href="mailto:jsmoriss@mvlan.net">jsmoriss@mvlan.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Wed, Feb 06, 2008 at 11:19:48AM -0800, Kenneth Crocker wrote:<br>><br>> Whew! You have really given alot of people alot of rights.<br><br>Kenneth and Ruslan,<br><br>Thanks for your feedback! I did a lot of testing, and wasn't sure if you<br>
inherited rights or not, so many of the basic rights were duplicated.<br>Thanks for explaining that bit. :-)<br><br>Ok, so a brief description of our processes is in order... It's very<br>simple really... Anyone can open a ticket. Requestors should be able to<br>
view and reply to their own ticket. Anyone else should be able to view<br>all tickets, add themselves as CC, but not modify tickets that aren't<br>theirs. We have 3-4 queues, and most of the requests will be coming in<br>
by e-mail, sorted (by procmail), and a ticket opened in the appropriate<br>queue. Specific groups, like "Telecom" for example, have priviledges to<br>work on tickets in their own queue (also called "Telecom"). They should<br>
also be able to transfer tickets to other queues in case someone sent<br>their e-mail to the wrong queue. The "Management" group should have the<br>ability to modify any ticket in any queue.<br><br>So, in a nutshell, that's about it.<br>
<br>After your comments, I made the following adjustments:<br><br>Configuration -> Global -> Group Rights:<br><br>Everyone<br> CreateTicket<br> SeeCustomField<br><br>Privileged<br> CreateSavedSearch<br> CreateTicket<br>
EditSavedSearches<br> LoadSavedSearch<br> ModifySelf<br> SeeCustomField<br> SeeGroup<br> SeeQueue<br> ShowSavedSearches<br> ShowTicket<br> Watch<br><br>User defined groups: Management<br> ModifyQueueWatchers<br>
ModifyTicket<br> OwnTicket<br> ReplyToTicket<br> ShowACL<br> ShowOutgoingEmail<br> ShowScrips<br> ShowTemplate<br> ShowTicketComments<br> StealTicket<br> TakeTicket<br> WatchAsAdminCc<br>
<br>There's also an RT-Admin group to manage users and RT configs:<br><br>RT-Admin<br> AdminAllPersonalGroups<br> AdminCustomField<br> AdminGroup<br> AdminGroupMembership<br> AdminOwnPersonalGroups<br> AdminQueue<br>
AdminUsers<br> AssignCustomFields<br> ModifyACL<br> ModifyCustomField<br> ModifyOwnMembership<br> ModifyQueueWatchers<br> ModifyScrips<br> ModifyTemplate<br> ModifyTicket<br> ShowACL<br> ShowConfigTab<br>
ShowOutgoingEmail<br> ShowSavedSearches<br> ShowScrips<br> ShowTemplate<br> ShowTicket<br> ShowTicketComments<br><br>For each Queue ("Telecom" in this example), I have additional rights for<br>
the associated group. I've specified some AdminCCs by default because<br>we're transitioning from an e-mail based process. Eventually I'll remove<br>the AdminCCs and create a Scrip/Template to e-mail the group members<br>
when a ticket is created in their queue. After that it'll be up to them<br>to decide if they want to own the ticket or add themselves as Ccs or<br>AdminCcs.<br><br>Configuration -> Queues -> Telecom -> Watchers:<br>
<br>Administrative Cc:<br> Telecom<br> Management<br><br>Configuration -> Queues -> Telecom -> Group Rights:<br><br>User defined groups: Telecom<br> CommentOnTicket<br> ModifyTicket<br> OwnTicket<br>
ReplyToTicket<br> ShowOutgoingEmail<br> ShowTicketComments<br> StealTicket<br> TakeTicket<br> WatchAsAdminCc<br><br>BTW, I appreciate your time with this. The faster I can tweak this<br>config, the better chance it'll be adopted. Our current e-mail based<br>
process has to go... :-)<br><br>I should also mention that I've configured the ___Approval queue. For<br>some reason it's showing up on the user's home page. I thought the<br>___Approval queue would be hidden... Should it be?<br>
<br>I'm still tweaking the approval process. There's some conflicts between<br>the global scrips and the approval queue scrips. For example, the global<br>scrip "On Create Notify AdminCcs with template Transaction" and the<br>
___Approval queue scrip "On Create Notify AdminCcs with template New<br>Pending Approval". It looks like I'll have to move that global scrip<br>into each queue instead to avoid duplicate e-mails with the ___Approval<br>
queue.<br><br>Thanks!<br>js.<br>--<br>Jean-Sebastien Morisset, Sr. UNIX Administrator <<a href="mailto:jsmoriss@mvlan.net">jsmoriss@mvlan.net</a>><br>_______________________________________________<br><a href="http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users">http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users</a><br>
<br>Community help: <a href="http://wiki.bestpractical.com">http://wiki.bestpractical.com</a><br>Commercial support: <a href="mailto:sales@bestpractical.com">sales@bestpractical.com</a><br><br><br>Discover RT's hidden secrets with RT Essentials from O'Reilly Media.<br>
Buy a copy at <a href="http://rtbook.bestpractical.com">http://rtbook.bestpractical.com</a><br></blockquote></div><br>