[rt-users] Rights, rights, rights...

Todd Chapman todd at chaka.net
Thu Feb 7 11:10:49 EST 2008 

js,

My RightsMatrix RT extension can help with understanding and assigning
rights.

For example you can use it to assign right to a group and then look at
individuals in that group to make sure they have the right you assigned and
exactly how they got that right.

http://search.cpan.org/author/HTCHAPMAN/RTx-RightsMatrix-0.03.00/lib/RTx/RightsMatrix.pm

-Todd

On 2/7/08, Jean-Sebastien Morisset <jsmoriss at mvlan.net> wrote:
>
> On Wed, Feb 06, 2008 at 11:19:48AM -0800, Kenneth Crocker wrote:
> >
> >       Whew! You have really given alot of people alot of rights.
>
> Kenneth and Ruslan,
>
> Thanks for your feedback! I did a lot of testing, and wasn't sure if you
> inherited rights or not, so many of the basic rights were duplicated.
> Thanks for explaining that bit. :-)
>
> Ok, so a brief description of our processes is in order... It's very
> simple really... Anyone can open a ticket. Requestors should be able to
> view and reply to their own ticket. Anyone else should be able to view
> all tickets, add themselves as CC, but not modify tickets that aren't
> theirs. We have 3-4 queues, and most of the requests will be coming in
> by e-mail, sorted (by procmail), and a ticket opened in the appropriate
> queue. Specific groups, like "Telecom" for example, have priviledges to
> work on tickets in their own queue (also called "Telecom"). They should
> also be able to transfer tickets to other queues in case someone sent
> their e-mail to the wrong queue. The "Management" group should have the
> ability to modify any ticket in any queue.
>
> So, in a nutshell, that's about it.
>
> After your comments, I made the following adjustments:
>
> Configuration -> Global -> Group Rights:
>
> Everyone
>     CreateTicket
>     SeeCustomField
>
> Privileged
>     CreateSavedSearch
>     CreateTicket
>     EditSavedSearches
>     LoadSavedSearch
>     ModifySelf
>     SeeCustomField
>     SeeGroup
>     SeeQueue
>     ShowSavedSearches
>     ShowTicket
>     Watch
>
> User defined groups: Management
>     ModifyQueueWatchers
>     ModifyTicket
>     OwnTicket
>     ReplyToTicket
>     ShowACL
>     ShowOutgoingEmail
>     ShowScrips
>     ShowTemplate
>     ShowTicketComments
>     StealTicket
>     TakeTicket
>     WatchAsAdminCc
>
> There's also an RT-Admin group to manage users and RT configs:
>
> RT-Admin
>     AdminAllPersonalGroups
>     AdminCustomField
>     AdminGroup
>     AdminGroupMembership
>     AdminOwnPersonalGroups
>     AdminQueue
>     AdminUsers
>     AssignCustomFields
>     ModifyACL
>     ModifyCustomField
>     ModifyOwnMembership
>     ModifyQueueWatchers
>     ModifyScrips
>     ModifyTemplate
>     ModifyTicket
>     ShowACL
>     ShowConfigTab
>     ShowOutgoingEmail
>     ShowSavedSearches
>     ShowScrips
>     ShowTemplate
>     ShowTicket
>     ShowTicketComments
>
> For each Queue ("Telecom" in this example), I have additional rights for
> the associated group. I've specified some AdminCCs by default because
> we're transitioning from an e-mail based process. Eventually I'll remove
> the AdminCCs and create a Scrip/Template to e-mail the group members
> when a ticket is created in their queue. After that it'll be up to them
> to decide if they want to own the ticket or add themselves as Ccs or
> AdminCcs.
>
> Configuration -> Queues -> Telecom -> Watchers:
>
> Administrative Cc:
>     Telecom
>     Management
>
> Configuration -> Queues -> Telecom -> Group Rights:
>
> User defined groups: Telecom
>     CommentOnTicket
>     ModifyTicket
>     OwnTicket
>     ReplyToTicket
>     ShowOutgoingEmail
>     ShowTicketComments
>     StealTicket
>     TakeTicket
>     WatchAsAdminCc
>
> BTW, I appreciate your time with this. The faster I can tweak this
> config, the better chance it'll be adopted. Our current e-mail based
> process has to go... :-)
>
> I should also mention that I've configured the ___Approval queue. For
> some reason it's showing up on the user's home page. I thought the
> ___Approval queue would be hidden... Should it be?
>
> I'm still tweaking the approval process. There's some conflicts between
> the global scrips and the approval queue scrips. For example, the global
> scrip "On Create Notify AdminCcs with template Transaction" and the
> ___Approval queue scrip "On Create Notify AdminCcs with template New
> Pending Approval". It looks like I'll have to move that global scrip
> into each queue instead to avoid duplicate e-mails with the ___Approval
> queue.
>
> Thanks!
> js.
> --
> Jean-Sebastien Morisset, Sr. UNIX Administrator <jsmoriss at mvlan.net>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20080207/eb26ff1f/attachment.htm>

More information about the rt-users mailing list