[rt-devel] quandry: secure parts of a ticket... should this be done with related tickets?
Phil Homewood
pdh at snapgear.com
Thu Dec 12 18:08:28 EST 2002
Colleen wrote:
> 1) how do I limit who can see tickets in a certain queue? Currently
> they all have global configuration of ACLs.
Configure rights per queue instead of globally. :-)
> 2) Should I create a showSecureInfo and an EditSecureInfo module and it
> checks to see who the current viewer is to see whether they can view the
> module?
Can you (ab)use Comments for this purpose? ie, give your Secure
people "ShowComment" and not the other group?
> 3) after the ticket's work has been complete
> (status=resolved/status=dead), how should I allow this info to be
> viewed? The same as 2)?
Business process question.
> 4) should this be done with related tickets, with the secure info going
> in one and the task-related work going in another and then linking them?
You could do, I guess.
> Would this produce the correct relationship? How would I guarantee that
> a user in Y couldn't see the secure info?
Different queues with different access.
> 5) I thought about copying Create.html into another file within an
> .htaccess protected directory and forcing all tickets for that queue to
> go to that directory (which would require a password), but I'm sure that
> will only make things really messy.
Don't go that way. :-)
--
Phil Homewood, Systems Janitor, www.SnapGear.com
pdh at snapgear.com Ph: +61 7 3435 2810 Fx: +61 7 3891 3630
SnapGear - Custom Embedded Solutions and Security Appliances
More information about the Rt-devel
mailing list