[rt-users] Public and Private queues?

Travis Campbell travis.campbell at amd.com
Tue Nov 12 11:39:31 EST 2002


On Wed, Nov 13, 2002 at 03:23:46AM +1100, Philip Warner wrote:
> At 10:00 AM 12/11/2002 -0600, dphull at ku.edu wrote:
> >Every time you add a new
> >queue you'll have to grant permissions on that queue to the groups you 
> >want to
> >have access.
> 
> That's the problem - they are effectively all private queues. Which means 
> that a new user can not submit an issue to any of them via email (which 
> auto-adds the user).
> 
> AFAICT, all groups must be public, or all groups must be private - there is 
> no ACL semantics to *deny* access - just grant.

We got around this by having a select set of queues that allowed Everyone to
create tickets in.  Those queues were monitored by human eyes and tickets were
parceled out to the private queues as needed.

You have to make sure you're doing this at the queue-level ACL management
interface.  If you're only doing global ACL's, yes, the queues are one way
or the other.

I agree that it would be nice to have ACLs to deny access, but in the grand
scheme of things, it works well enough to work the other direction.  Jesse may
be working on this in later revisions; I don't know, I haven't been tracking
the changes.

I bet he'd welcome diffs to add in the ACLs you're looking for, though. :-)

Travis
-- 
 Travis Campbell  -  Unix Systems Administrator =    travis at mpdtxmail.amd.com
    5900 E. Ben White Blvd, Austin, TX 78741    =     travis.campbell at amd.com
    TEL: (512) 602-1888  PAG: (512) 604-0341    = webmaster at mpdtxmail.amd.com  
=============================================================================
      "Does anything work as expected?"  Yes.  An axe through the CPU.




More information about the rt-users mailing list