[rt-users] question on Privileged users

Alan Barrett apb at cequrux.com
Wed Apr 21 08:42:46 EDT 2004


On Wed, 21 Apr 2004, phillip wrote:
> Will this below solution work if I want my staff members to see the tickets 
> that they own?

There are at least three dimensions of permissions in RT:

a. The permission itself: things like "See Queue", "Create Ticket",
   "Reply to Ticket", "Comment on Ticket", "See TIcket", "See Comments",
   etc.
b. Who the permission is assigned to: an individual user, a
   locally-defined group (like "sales staff", "support staff", "all
   staff", "customer X"), a system-defined group that applies equally
   to all tickets (like "Everyone" or "Privileged users"), or a
   system-defined pseudo-group (such as "Requestor", "CC" or "Owner")
   for which every ticket has different members.
c. Whether it's a global or a per-queue permission.

If you define a user as "privileged", then that user is made a member
of the "Everyone" group and the "Privileged users" group, and you will
be able to add the user to locally-defined groups, and you will be also
be able to assign permissions directly to the user.  If you define a
user as unprivileged, then you will not be able to assign permissions
directly to the user, but the user will be a member of the "Everyone"
group (and will get any permissions that you assign to the "Everyone"
group), and the user will also get any permissions that you assign to
pseudo-groups like "Requestor" or "CC".

If you want to give all staff the right to see all tickets in all
queues, then define an "all staff" group and give the group "See Ticket"
permission at the global level.  If you want to give sales staff the
right to create tickets in the support queue, then define a "sales
staff" group and give that group the "See Queue" and "Create Ticket"
permission in the "support" queue.  If you want to give anybody the
right to see their own tickets in any queue (even in queues that they
would normally not be allowed to use), then give "Owner" and "Requestor"
the "See Ticket" permission at the global level.  It's very flexible,
and you may have to experiment before you find settings that work for
you.

--apb (Alan Barrett)



More information about the rt-users mailing list