[rt-devel] quandry: secure parts of a ticket... should this be done with related tickets?

Colleen colleen at darksideproductions.net
Mon Dec 16 21:16:20 EST 2002

> -----Original Message-----
> From: Phil Homewood [mailto:pdh at snapgear.com]
> Sent: Thursday, December 12, 2002 3:08 PM
> Colleen wrote:
> > 1) how do I limit who can see tickets in a certain queue?  Currently
> > they all have global configuration of ACLs.
> Configure rights per queue instead of globally. :-)

ok, I tried this.  It doesn't seem to work as expected.

I have 10 users and 5 queues (1 of which is "secure" and should only
allow the 3 users with privileges"), lets say.  I took away all their
global rights except for "modify self".

I put in rights for all 10 users for the 4 ordinary queues and for the
secure queue, I only put permissions in for those 3 users.  I logged out
and logged back in as an average user (no secure permissions) and I
tried to 'Create a Ticket' in the secure queue.  I was allowed to do

Isn't that odd?  How can I fix this?  

> > 2) Should I create a showSecureInfo and an EditSecureInfo module and
> > checks to see who the current viewer is to see whether they can view
> > module?
> Can you (ab)use Comments for this purpose? ie, give your Secure
> people "ShowComment" and not the other group?

I got this working.  



More information about the Rt-devel mailing list