[rt-users] AdminUsers permission required to see user data?
Dag Bruck
dag at dynasim.se
Mon Aug 25 09:32:57 EDT 2003
I have set up RT 3.0.4 and we're beginning to use it. Here is a small problem,
that perhaps is just a question of setup.
Problem:
When a new ticket comes in from a non-staff user, a user is automatically
created. However, the ticket contains a message of the type "No comment
set for this user." Also, it is not possible to set the comment, or any
other data for the user.
Partial solution:
If I give the staff users the "AdminUsers" right, they can now see user data
including the comment, and they can also change data for the user.
New problem follows:
If I give staff users the "AdminUsers" right, theu can now set any data
for any users, including changing password for other staff users. I don't
think they intend to do that on purpose, but there is a risk of mistakes.
What I want:
I would like to see more levels of protection.
- The right to see user data, which is pretty obvious.
- The right to set comments, address etc. for a user. This should be
allowed for any staff user.
- The right to change sensitive data, for example the right to become
a full RT user or the right to set passwords. I want this level
to be quite restricted.
Comments and feedback greatly appreciated.
Dag Bruck
Dynasim AB
Lund, Sweden
More information about the rt-users
mailing list