<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3157" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=823275918-01102009>Sigh... Yeah, They can't really modify their
passwd in ours either. I just don't want them thinking they can,
either! I can hear it now - I just changed my password, and now it
won't let me in using my new password - Can you reset my password for me,
please? 50 times a day.....</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=823275918-01102009></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=823275918-01102009>I am still hoping there might be some way to grant
SaveSearch (and, actually get it..) without exposing the preferences
tab....</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=823275918-01102009></SPAN></FONT> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Ken Crocker [mailto:kfcrocker@lbl.gov]
<BR><B>Sent:</B> Thursday, October 01, 2009 2:55 PM<BR><B>To:</B> Lander,
Scott<BR><B>Cc:</B> rt-users@lists.bestpractical.com<BR><B>Subject:</B> Re:
[rt-users] User right to save searches<BR></FONT><BR></DIV>
<DIV></DIV>Scott,<BR><BR>Yea. I can see that. We kind of went around that by the
way we use LDAP for our sign-ons. It doesn't matter what they do to their
password in "Preferences", it always gets overridden by LDAP. In other words,
they can't screw it up.<BR><BR>Kenn<BR>LBNL<BR><BR>On 10/1/2009 10:02 AM,
Lander, Scott wrote:
<BLOCKQUOTE
cite=mid:39A20BAEB14A6344A0646DD5C8F98D4B06979D6849@RCLTEXCMS02.resource.hearstcorp.com
type="cite">
<META content="MSHTML 6.00.2900.3157" name=GENERATOR>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=776115416-01102009>Ken, Thanks for your
reply.</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=776115416-01102009></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=776115416-01102009>My setup is similar - actually -
identical. Although I have given, globally to privileged
users, the rights CreateSavedSearch, EditSavedSearch and ShowSavedSearch along
with all other rights, they still can't actually save a search unless I also
give them ModifySelf (which presents the preferences tab that I don't want
them to have....)</SPAN></FONT></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Ken Crocker [<A
class=moz-txt-link-freetext
href="mailto:kfcrocker@lbl.gov">mailto:kfcrocker@lbl.gov</A>] <BR><B>Sent:</B>
Thursday, October 01, 2009 12:39 PM<BR><B>To:</B> Lander, Scott<BR><B>Cc:</B>
<A class=moz-txt-link-abbreviated
href="mailto:rt-users@lists.bestpractical.com">rt-users@lists.bestpractical.com</A><BR><B>Subject:</B>
Re: [rt-users] User right to save
searches<BR></FONT><BR></DIV>Scott,<BR><BR>We grant all the Create, save,
edit, etc. search rights to all privileged users at the global level. Since we
only grant the "SeeQueue", "CreatTicket", & "ShowTicket" rights to a queue
at the Queue level only, by granting the search rights globally, the actual
queues they can sees defers to the rights granted at the Queue level. Much
less maintenance AND everyone has all the "search" rights to whatever Queue
they can see. Hope this helps.<BR><BR>Kenn<BR>LBNL<BR><BR>On 10/1/2009 8:37
AM, Lander, Scott wrote:
<BLOCKQUOTE
cite=mid:39A20BAEB14A6344A0646DD5C8F98D4B06979D67FC@RCLTEXCMS02.resource.hearstcorp.com
type="cite">
<META content="Microsoft Exchange Server" name=Generator><!-- converted from rtf -->
<STYLE>.EmailQuote {
PADDING-LEFT: 4pt; MARGIN-LEFT: 1pt; BORDER-LEFT: #800000 2px solid
}
</STYLE>
<FONT face="Arial, sans-serif" size=2>
<DIV>It appears that for a user to be able to save their searches, I have to
give them rights to the preferences tab. I really don't want
them to be able to, for instance, change their passwords, which is under the
preferences tab (they authenticate via ldap, and this would change the local
password - it would get confusing….)</DIV>
<DIV> </DIV>
<DIV>Am I missing something obvious?</DIV>
<DIV> </DIV>
<DIV>Thanks</DIV>
<DIV>Scott</DIV>
<DIV> </DIV>
<DIV> </DIV></FONT><PRE>------------------------------------------------------------------------------------
This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (<A class=moz-txt-link-abbreviated href="mailto:cadmin@hearstsc.com" moz-do-not-send="true">cadmin@hearstsc.com</A>) immediately by email and delete the original message.
------------------------------------------------------------------------------------
</PRE><PRE wrap=""><HR width="90%" SIZE=4>
_______________________________________________
<A class=moz-txt-link-freetext href="http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users" moz-do-not-send="true">http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users</A>
Community help: <A class=moz-txt-link-freetext href="http://wiki.bestpractical.com" moz-do-not-send="true">http://wiki.bestpractical.com</A>
Commercial support: <A class=moz-txt-link-abbreviated href="mailto:sales@bestpractical.com" moz-do-not-send="true">sales@bestpractical.com</A>
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at <A class=moz-txt-link-freetext href="http://rtbook.bestpractical.com" moz-do-not-send="true">http://rtbook.bestpractical.com</A></PRE></BLOCKQUOTE><PRE>------------------------------------------------------------------------------------
This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (<A class=moz-txt-link-abbreviated href="mailto:cadmin@hearstsc.com">cadmin@hearstsc.com</A>) immediately by email and delete the original message.
------------------------------------------------------------------------------------
</PRE></BLOCKQUOTE><pre>------------------------------------------------------------------------------------
This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (cadmin@hearstsc.com) immediately by email and delete the original message.
------------------------------------------------------------------------------------
</pre></BODY></HTML>