[rt-users] Groups For Unprivileged Users

Kenneth Crocker KFCrocker at lbl.gov
Mon Nov 5 12:26:40 EST 2007 

Arun & Kevin,


	I understand what your asking about and the truth is the whole point 
behind an "unprivileged" user is that they have NO rights. Then, of 
course, we ALLOW them to have rights via the system group 
"Unprivileged". What we did to deal with this was to ignore the concept 
of "unprivileged" completely. For us, the concept of an Unprivileged 
user is SOOOOO limited in our environment that it (as a system group) 
really doesn't exist. If we want any type of user to be able to see the 
history of a ticket, resolved or not, then we grant "SeeTicket", 
"SeeOutgoingEmail" to GLOBAL Requestors. That way ANY person that made a 
request could always look at the ticket they created without seeing 
anyone elses (we also don't allow any requestor to see comments, EVER). 
If we have a certain number of similar "Unprivileged" requestors, we 
create a group for them and put their ID's in the group and grant 
extremely limited rights to that group globally or to whatever queue 
they need to see, in essence, the "unprivileged" becomes "Privileged". 
  That does mean there are more groups than some would like, but we can 
define/refine the usage we allow to our RT queues much better. The only 
individuals that are granted rights on an individual basis is me and my 
backup (as "SuperUser"). Everyone else is in some group or global role, 
etc. Hopes this idea helps.


Kenn
LBNL

On 11/2/2007 6:56 PM, Arun Mahajan wrote:
> Hello Kenneth,
> 
> Thanks a lot. I tried that and it worked. But is there a way to allow a
> few unprivilged users access to a queue and leave the others. For Example:
> If i have user A, B and C, can i allow access to only User A and restrict
> B & C from accessing information in a queue.
> 
> Regards,
> 
> Arun Mahajan
> 
>> Arun,
>>
>>
>> 	Try removing the "CreateTicket" right from the global "unprivileged"
>> and put it in the "unprivileged" of just the queues you want it in. That
>> way, "unprivileged" will not be able to create any tickets in those
>> queues that do not allow that right.
>>
>>
>> Kenn
>> LBNL
>>
>> On 11/2/2007 10:50 AM, Arun Mahajan wrote:
>>> Hi,
>>>
>>> I'm new to request tracker and have been trying to configure it for my
>>> organization. Can anybody tell me if there's a way to create groups for
>>> unprivilged users. Currently, all the unprivileged users that i have
>>> created are part of one single group "Unprivileged". This doesn't allow
>>> me
>>> to restrict a few of the unprivileged users from creating tickets in
>>> certain queues.
>>>
>>> Regards,
>>>
>>> Arun Mahajan
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>>
>>> SAVE THOUSANDS OF DOLLARS ON RT SUPPORT:
>>>
>>> If you sign up for a new RT support contract before December 31, we'll
>>> take
>>> up to 20 percent off the price. This sale won't last long, so get in
>>> touch today.
>>>     Email us at sales at bestpractical.com or call us at +1 617 812 0745.
>>>
>>>
>>> Community help: http://wiki.bestpractical.com
>>> Commercial support: sales at bestpractical.com
>>>
>>>
>>> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>>> Buy a copy at http://rtbook.bestpractical.com
>>>
>>
> 
>

More information about the rt-users mailing list