[rt-users] Rights, rights, rights...
Kenneth Crocker
KFCrocker at lbl.gov
Thu Feb 7 14:06:22 EST 2008
Todd,
I'm about to install 3.6.4. I have Rights Matrix running in 3.4.4 now.
Is there anything I need to do when I install 3.6.4 to keep my the
"MATRIX" (he he. sorry. I couldn't help it) running?
Kenn
LBNL
On 2/7/2008 8:10 AM, Todd Chapman wrote:
> js,
>
> My RightsMatrix RT extension can help with understanding and assigning
> rights.
>
> For example you can use it to assign right to a group and then look at
> individuals in that group to make sure they have the right you assigned
> and exactly how they got that right.
>
> http://search.cpan.org/author/HTCHAPMAN/RTx-RightsMatrix-0.03.00/lib/RTx/RightsMatrix.pm
>
> -Todd
>
> On 2/7/08, *Jean-Sebastien Morisset* <jsmoriss at mvlan.net
> <mailto:jsmoriss at mvlan.net>> wrote:
>
> On Wed, Feb 06, 2008 at 11:19:48AM -0800, Kenneth Crocker wrote:
> >
> > Whew! You have really given alot of people alot of rights.
>
> Kenneth and Ruslan,
>
> Thanks for your feedback! I did a lot of testing, and wasn't sure if you
> inherited rights or not, so many of the basic rights were duplicated.
> Thanks for explaining that bit. :-)
>
> Ok, so a brief description of our processes is in order... It's very
> simple really... Anyone can open a ticket. Requestors should be able to
> view and reply to their own ticket. Anyone else should be able to view
> all tickets, add themselves as CC, but not modify tickets that aren't
> theirs. We have 3-4 queues, and most of the requests will be coming in
> by e-mail, sorted (by procmail), and a ticket opened in the appropriate
> queue. Specific groups, like "Telecom" for example, have priviledges to
> work on tickets in their own queue (also called "Telecom"). They should
> also be able to transfer tickets to other queues in case someone sent
> their e-mail to the wrong queue. The "Management" group should have the
> ability to modify any ticket in any queue.
>
> So, in a nutshell, that's about it.
>
> After your comments, I made the following adjustments:
>
> Configuration -> Global -> Group Rights:
>
> Everyone
> CreateTicket
> SeeCustomField
>
> Privileged
> CreateSavedSearch
> CreateTicket
> EditSavedSearches
> LoadSavedSearch
> ModifySelf
> SeeCustomField
> SeeGroup
> SeeQueue
> ShowSavedSearches
> ShowTicket
> Watch
>
> User defined groups: Management
> ModifyQueueWatchers
> ModifyTicket
> OwnTicket
> ReplyToTicket
> ShowACL
> ShowOutgoingEmail
> ShowScrips
> ShowTemplate
> ShowTicketComments
> StealTicket
> TakeTicket
> WatchAsAdminCc
>
> There's also an RT-Admin group to manage users and RT configs:
>
> RT-Admin
> AdminAllPersonalGroups
> AdminCustomField
> AdminGroup
> AdminGroupMembership
> AdminOwnPersonalGroups
> AdminQueue
> AdminUsers
> AssignCustomFields
> ModifyACL
> ModifyCustomField
> ModifyOwnMembership
> ModifyQueueWatchers
> ModifyScrips
> ModifyTemplate
> ModifyTicket
> ShowACL
> ShowConfigTab
> ShowOutgoingEmail
> ShowSavedSearches
> ShowScrips
> ShowTemplate
> ShowTicket
> ShowTicketComments
>
> For each Queue ("Telecom" in this example), I have additional rights for
> the associated group. I've specified some AdminCCs by default because
> we're transitioning from an e-mail based process. Eventually I'll remove
> the AdminCCs and create a Scrip/Template to e-mail the group members
> when a ticket is created in their queue. After that it'll be up to them
> to decide if they want to own the ticket or add themselves as Ccs or
> AdminCcs.
>
> Configuration -> Queues -> Telecom -> Watchers:
>
> Administrative Cc:
> Telecom
> Management
>
> Configuration -> Queues -> Telecom -> Group Rights:
>
> User defined groups: Telecom
> CommentOnTicket
> ModifyTicket
> OwnTicket
> ReplyToTicket
> ShowOutgoingEmail
> ShowTicketComments
> StealTicket
> TakeTicket
> WatchAsAdminCc
>
> BTW, I appreciate your time with this. The faster I can tweak this
> config, the better chance it'll be adopted. Our current e-mail based
> process has to go... :-)
>
> I should also mention that I've configured the ___Approval queue. For
> some reason it's showing up on the user's home page. I thought the
> ___Approval queue would be hidden... Should it be?
>
> I'm still tweaking the approval process. There's some conflicts between
> the global scrips and the approval queue scrips. For example, the global
> scrip "On Create Notify AdminCcs with template Transaction" and the
> ___Approval queue scrip "On Create Notify AdminCcs with template New
> Pending Approval". It looks like I'll have to move that global scrip
> into each queue instead to avoid duplicate e-mails with the ___Approval
> queue.
>
> Thanks!
> js.
> --
> Jean-Sebastien Morisset, Sr. UNIX Administrator <jsmoriss at mvlan.net
> <mailto:jsmoriss at mvlan.net>>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
> <mailto:sales at bestpractical.com>
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
More information about the rt-users
mailing list