[rt-users] Groups for Non Priviledged users
Ruslan U. Zakirov
Ruslan.Zakirov at acronis.com
Fri Oct 22 11:33:39 EDT 2004
Be aware this is memory hog.
Don't do that if you have many users(85k++ in our case).
Also don't rely on this behaviour in next releases.
I'm going to patch it and would be pushing ahead into mainline cause I
consider this as security issue.
Scenario:
* User is highly privileged(almost SU or SU)
* He leaves team and you mark him as Unpriveleged cause now he is normal
outsider. You have public queues(he may want access to) so you don't
disable his account.
* You think that he is Unprivileged, but he is not. Yes, he has only
SelfService, but he still has access to tickets via ID.
Test case:
1) create test priveleged user
2) grant him SU
3) makes him unpriv
4) login via WebUI under his account => you are in SelfService
5) type in any valid ticket id in searchbox
Sad but true.
Best regards. Ruslan.
Niranjan Patel wrote:
> I tried the other way.
>
> In the file Admin/Elements/SelectNewGroupMembers I commented the line
>
> $users->LimitToPrivileged();
> This will show all users in the selection box for members.
>
> Now you can add and remove all non privileged users to the groups at will
> I just wanted to confirm that this should not be a problem going ahead with
> the workflow of RT.
>
> Niranjan
>
> -----Original Message-----
> From: Todd Chapman [mailto:rt at chaka.net]
> Sent: Thursday, October 21, 2004 6:37 PM
> To: Niranjan Patel
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Groups for Non Priviledged users
>
> Currently the RT interface only allows privileged users
> to be put in a group, but that doesn't mean it can't
> be done. There are 2 solution you might try:
>
> 1. Use the RT API do add the users to the groups.
>
> 2. Make them privileged, put them in the groups, and
> then take away privileges. They should still be in the
> groups.
>
> -Todd
>
> On Thu, Oct 21, 2004 at 04:18:21PM -0400, Niranjan Patel wrote:
>
>>Hello All,
>>
>>
>>
>> We have 2 offices which have their own Queues. For example each one has
>
> it
>
>>own IT Queue.
>>
>> I was thinking of creating of creating 2 different Queues say IT-Office1
>>and IT-Office2.
>>
>> Now in my system I will create 2 user groups and based on the location I
>>will add Users to that group.
>>
>> Each group will have permission to create ticket in their own respective
>>queue.
>>
>> I have 6 queues which will be common for at least 2 offices for now.
>>
>>
>>
>> Now the problem is I will have to make all users in the system Privileged
>>for this to work. Since Grouping is only allowed for privileged users
>>
>> Is there any way to group non privileged users? Or even customize the
>>system
>>
>>
>>
>>regards
>>
>>Niranjan Patel
>>
>>
>>
>>
>
>
>>_______________________________________________
>>http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>
>>Be sure to check out the RT wiki at http://wiki.bestpractical.com
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Be sure to check out the RT wiki at http://wiki.bestpractical.com
More information about the rt-users
mailing list