[rt-devel] quandry: secure parts of a ticket... should this be done with related tickets?

Phil Homewood pdh at snapgear.com
Thu Dec 12 18:08:28 EST 2002

Colleen wrote:
> 1) how do I limit who can see tickets in a certain queue?  Currently
> they all have global configuration of ACLs.

Configure rights per queue instead of globally. :-)

> 2) Should I create a showSecureInfo and an EditSecureInfo module and it
> checks to see who the current viewer is to see whether they can view the
> module?

Can you (ab)use Comments for this purpose? ie, give your Secure
people "ShowComment" and not the other group?

> 3) after the ticket's work has been complete
> (status=resolved/status=dead), how should I allow this info to be
> viewed?  The same as 2)?

Business process question.

> 4) should this be done with related tickets, with the secure info going
> in one and the task-related work going in another and then linking them?

You could do, I guess.

> Would this produce the correct relationship?  How would I guarantee that
> a user in Y couldn't see the secure info?

Different queues with different access.

> 5) I thought about copying Create.html into another file within an
> .htaccess protected directory and forcing all tickets for that queue to
> go to that directory (which would require a password), but I'm sure that
> will only make things really messy.

Don't go that way. :-)
Phil Homewood, Systems Janitor, www.SnapGear.com
pdh at snapgear.com Ph: +61 7 3435 2810 Fx: +61 7 3891 3630
SnapGear - Custom Embedded Solutions and Security Appliances

More information about the Rt-devel mailing list