[rt-users] Re: watchers
Brian May
bam at snoopy.apana.org.au
Thu Apr 4 03:01:17 EST 2002
Thanks for your reply.
On Wed, Apr 03, 2002 at 01:04:44PM +0100, Smylers wrote:
> There is correspondence and there are comments. They are distinct so
> that you can do distinct things with them. The difference is what you
> make of it. The idea is that you'd do something like the following:
>
> * Correspondence gets circulated to everybody; comments are between
> your people dealing with a ticket, but don't get sent to the person
> who requested a ticket.
>
> * The permissions are set such that Requestors can view correspondence
> but not comments; your people can view anything (well, possibly just
> anything in a particular queue, or just anything about tickets they
> are working on -- it's up to you).
>
> * Correspondence and comments are sent out using distinct templates,
> so that it is clear to recipients which they are receiving.
>
> * You have separate e-mail addresses for correspondence and comments,
> so that 'RT' can distinguish the two from incoming e-mails.
>
> If you use a Notify...AsComment action then the recipient gets an e-mail
> from the comment e-mail address. (If that didn't happen and comments
> were sent out with the correspondence address, then somebody replying to
> a comment would be sending correspondence and the Requestor might see
> things they weren't supposed to.)
Thanks. That clarifies some aspects I was wondering about. However,
on my installation, permissions weren't setup by default... See later,
this E-Mail.
What does a user need to do to access RT? Am I right in concluding
that anonymous access is not allowed? What happens if a user
doesn't have a password configured? Does this deny him/her access
too?
> Regarding OtherRecipients, that's something fairly new to 'RT'. See
> Jess's announcement of version 2.0.12, and search the mail archives in
> March for "OtherRecipients".
Ok. At this stage I gather it is related to the "Cc" and "Bcc"
stuff when creating comments?
> Yes. There also seems to be a time-lag here. Your mail was dated March
> 22nd, but seems to have got stick at pallas.eruditorum.org for a week or
> so (then cos of Easter weekend, I've only just got to it today). I've
> checked the archives, but didn't see any other responses to this.
I got a message saying that my E-Mail needed approval, but I didn't
get any messages saying it had been approved.
Anyway, without a good example for access control
(that I could find), I currently have:
Group: Administrators (bam)
Queue: Support
Global group/Everyone: +ModifySelf
Global user/bam: +AdminUsers
Global user/root: +Super user
Support group/Everyone: +CreateTicket
+SeeQueue
Support group/Requestor: +ReplyToTicket
+ShowTicket
Support group/Adminstrators: +CommentOnTicket
+CreateTicket
+ModifyTicket
+OwnTicket
+ReplyToTicket
+ShowTicket
+ShowTicketComments
+Watch
+WatchAsAdminCC
Any comments on this set of ACLs?
I assume this means the ticket requestor and any adminstrators will be able
able to see a given ticket, but noone else?
I have been considering adding to the above:
Support group/AdminCC: +CommentOnTicket
+ReplyToTicket
+ShowTicket
+ShowTicketComments
+Watch (not sure if this is required?)
+WatchAsAdmin (not sure if this is required?)
Support group/CC: +ShowTicket
+ReplyToTicket
+Watch (not sure if this is required?)
Which I think will mean
(1) if somebody is in the AdminCC list of a ticket or the AdminCC
list of the queue, they will get access to the ticket, and can leave
comments and reply to the requestor.
(2) if somebody is in the CC list of the ticket or the CC list of
the queue, they can see the ticket (but not comments), reply to
the user (hmmm... not sure if this is desirable; comment might be
better).
Is this correct?
Thanks.
--
Brian May <bam at snoopy.apana.org.au>
More information about the rt-users
mailing list