Ant,<br><br>We have the same levels of use here, but over 120 support Queues to do it. We follow the following rules:<br>1) No user gets individual privileges. They must be members in a group with "like needs" for access to a Queue. That way, as rights maintenance issues come up for a Queue, we only have to deal with the group as a whole, not a bunch of individual users. Way too much redundant work with individuals.<br>
2) We put the Product Manager in the "AdminCc" Queue watcher role. <b><i>No one else</i></b> gets that role for that Queue. We grant this role the rights to admin users/watchers and a lot of other stuff for that Queue.<br>
3) We name these groups for the Queue. ie. "xxxx-users" where "xxxx" is the name of the Queue and the "Users" are those people that can create and view their <i>own tickets</i> (only), but not modify them, unless it is a Custom Field created just for them. "XXXX-Support" or "XXXX-Texh-Support" are for the developers. They get more rights that "Users".<br>
<br>I have a "Rights Guide" that we use for setting up Global/Queue rights for groups and roles. If you feel you have an environment with the kind of development support like ours, I can pass that on to you, if you are interested.<br>
<br>Kenn<br>LBNL<br><br><div class="gmail_quote">On Wed, Oct 6, 2010 at 12:43 PM, ant <span dir="ltr"><<a href="mailto:ant@suave.net">ant@suave.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
I have been looking around and am thinking this may not really be possible,<br>
but here goes.<br>
<br>
I have a number of users, number of queues and three different access<br>
levels View Only, Developer and Product Manager. I am trying to figure out<br>
a way to specify the set of rights each of the access levels only once,<br>
then somehow associate a user and queue with each set of rights, for<br>
example.<br>
<br>
user fred has developer rights to the testa queue, but only view only to<br>
testb.<br>
<br>
It looks like I could do this by creating a bunch of groups like<br>
testa_developer and assigning the user to all the individual groups, but<br>
that means I have to set up individual rights for each of those groups on<br>
the various queues, which takes a while to set up and is hard to maintain.<br>
<br>
In the past I set up global rights for groups and made a hack that pulls my<br>
users from my user database and gets which rights each should have, then<br>
copies those rights at the user level onto the queue directly. This never<br>
seemed very clean to me but was the only solution I could come up with. I'm<br>
upgrading my system now and was hoping maybe I could find a better way, but<br>
I'm not finding anything.<br>
<br>
Anyone have any ideas? I'm on 3.8.8<br>
<br>
RT Training in Washington DC, USA on Oct 25 & 26 2010<br>
Last one this year -- Learn how to get the most out of RT!<br>
</blockquote></div><br>