[rt-users] 3.6.0rc3: giving groups modification rights on members of other groups?
Ole Craig
ocraig at stillsecure.com
Thu Jun 1 14:05:07 EDT 2006
On Thu, 2006-06-01 at 13:43 -0400, Jesse Vincent wrote:
>
>
> On Thu, Jun 01, 2006 at 11:33:18AM -0600, Ole Craig wrote:
> > Is it possible for a user-defined group to get the "AdminUser"
> > right but only for selected users? i.e. I've got a U-D group "support".
> > I'd like members of the Support group to be able to modify user
> > information for unprivileged users, but not for members of other
> > user-defined groups.
> >
>
> Sorry. That's not currently possible.
Urk. That's... dismaying. Has anyone ever asked before? I
couldn't find anything in the archives, but it seems like an obvious
"want" feature to me, in that I'd like my support staff brethren to be
able to add notes about particular customers and update phone numbers
and such, but I don't want them to modify the user records for the
executive team (for instance.)
In re-reading my screed I realize that my logic was overly
fuzzified during verbalization: support staff should be able to modify
the user record of any member of a particular group (regardless of that
user's other group memberships) as long as the support group has been
given the appropriate rights for the target group.
Given the immediacy and brevity of Jesse's answer, I suspect
that's a distinction that fails to make a difference, but clearer logic
is always useful. Particularly since I may have to try and hack the
functionality in somehow, so I'm attempting to flesh out the equivalence
cases...
--
/Ole Craig
Security Engineer
303-381-3802 (main support hotline)
303-381-3824 (my direct line)
303-381-3801 (fax)
www.stillsecure.com
. . .
More information about the rt-users
mailing list