FW: [rt-users] Help - RTFM bugs with Rights ?
Hanson, Dave
Dave.Hanson at ogs.state.ny.us
Mon Oct 25 14:53:19 EDT 2004
Jesse - OK. Part of the problem was on my end - the user was in a group which had some rights to a class (but wasn't a superuser). I missed this while learning what each ACL did. My bad on that one, sorry.
HOWEVER, I still think there are some bugs (or lack of understanding on my part):
- every user, regardless of rights or lack thereof, can see custom fields menu, as well as modify the title and description of custom fields
- SeeClass ACL is needed to see the Custom Fields in an article.
- SeeClass ACL allows user to create an article in a class which they can see
- ShowCustomField seems to have no value, nor does it appear in the ACL list for individual classes
Here is the latest spreadsheet of ACL's and what they do:
Any help you could provide would be fantastic. THANKS!!!
-----Original Message-----
From: Jesse Vincent [mailto:jesse at bestpractical.com]
Sent: Tuesday, October 19, 2004 4:32 PM
To: Hanson, Dave
Cc: 'rt-users at lists.bestpractical.com'
Subject: Re: [rt-users] Help - RTFM bugs with Rights ?
What RT rights did your user have? Was he, perhaps, a SuperUser?
On Oct 19, 2004, at 12:18 PM, Hanson, Dave wrote:
> I installed RTFM-2.0.4.tar.gz on top of RT 3.2.2. Either I am missing
> something simple, or there are bugs in RTFM with setting rights in
> RTFM. We love the product, but this situation makes it difficult to
> use it for a large population of general users. We really would love
> to identify fixes.
>
> 1) I started with a user who had no ACL's for RTFM at all. I found
> that I do the following, none of which I think should be possible for
> a user with no ACL's:
> ◦ see article title and description from overview
> ◦ select article from overview
> ◦ see article history
> ◦ modify article title and description
> ◦ see custom fields
> ◦ modify custom field descriptions, fields, values, etc.
>
>
>
> 2) By adding ACL's individually so that only one ACL was present at
> any time, the following ACL's made no changes in rights from what was
> present above in #1
> ◦ AdminClass
> ◦ AdminValues
> ◦ CreateArticle
> ◦ ModifyArticle
> ◦ ShowArticle
> ◦ ShowArticleHistory
> ◦ ShowCustomField
>
> Attached is a spreadsheet mapping rights to ACL's:
> <<rtfm_privs_chart.xls>>
> Can these problems be rectified so that we can truly restrict which
> rights general users have? THANKS!
> <rtfm_privs_chart.xls>_______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Be sure to check out the RT wiki at http://wiki.bestpractical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rtfm_privs_chart_2.xls
Type: application/vnd.ms-excel
Size: 24064 bytes
Desc: rtfm_privs_chart_2.xls
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20041025/28a2b9aa/attachment.xls>
More information about the rt-users
mailing list