[rt-users] Permissions by custom field

Kenneth Crocker KFCrocker at lbl.gov
Mon Jul 14 13:11:11 EDT 2008


	I agree with the group idea, always have. In fact, you can add yourself 
as a member of each group and create some searches that you can seave 
for each individual group. That way, when the other members of each 
group wants to run a query, they hav3e several choices they can make 
becuae you some some good ones for them and those are available to 
everyone in the SAME group. Also, The "group as requestor" is the same 
idea as I made of granting "ShowTicket" blobally to the role 
"Requestor". That allows requstors the right to see ONLY their tickets 
(as long as you didn't grant "ShowTicket" to another group). The CF for 
Customer name can also be used for searches and you can write a scrip to 
pre-fill that CF by the "@xxxx.com" or ".org" portion of the email 
address and that way all tickets created will automatically have the 
correct "Customer NAme' when created. Just a thought.


On 7/14/2008 5:32 AM, Braam van Heerden wrote:
> Kenneth,
> Todd Chapman sent some suggestions I will try.   
> I will try to be a bit more clear in my problem statement:
> We have a single queue called support that handles all tickets from 
> various customers we have SLA's with.  For ease of use we decided to 
> only use a single queue and not create a queue per customer (as that 
> list fluctuates sometimes).  Also, we have certain information on what 
> packages our customers offer to their customers, and how this is 
> implemented, and all this is bound by NDA's, so it's imperative we do 
> not let one customer see the details of another customer's tickets.  To 
> differentiate tickets raised by various customers we created a Custom 
> Field that contains the name of the customer.
> Now, the issue is this:  CustomerA has got a number of employees: Empl1, 
> Empl2 and Empl3.  Either of them can raise a ticket, and we will respond 
> and close the ticket.  Now, some time later the COO/CEO of CustomerA 
> requires access to all tickets raised by the various employees to track 
> who has not done their job, or where contractual violations occurred.
> How can we grant this user access to all tickets raised by his company 
> (and tagged by a certain Custom Field), whilst not allowing him access 
> to tickets raised by other customers?
> Right now I am leaning towards creating a group for every customer, then 
> add the group as a Requestor/Cc for the ticket.  If I understand things 
> correctly group members should then have access to all tickets created 
> under that group, if I give ShowTicket to the group, but to no others.  
> Not sure if there's an esier way to do this, though.
> Thanks :)
> Braam van Heerden
> Conversant Systems (Pty) Ltd
> Tel: +27 11 782 2930
> Cell: +27 82 336 4643
> Skype: braamvh 
>> -----Original Message-----
>> From: Kenneth Crocker [mailto:KFCrocker at lbl.gov] 
>> Sent: 11 July 2008 18:39 PM
>> To: Braam van Heerden
>> Cc: rt-users at bestpractical.com
>> Subject: Re: [rt-users] Permissions by custom field
>> Braam,
>> 	I'm a bit confused. Your subject line mentions 
>> permissions and I don't see that question here. As to Custom 
>> Fields, what is the correlation between customer and company? 
>> Normally, I would think it was  one to one. However, if you 
>> are creating tickets for someone else, you can modify the 
>> "Requestor" to be the customer and not you. You will still be 
>> the "creator". Then, you can have a CF that is the company.
>> 	Permissions would be simpler. You could grant the right 
>> to "ShowTicket" 
>> Globally to the "Requestor" role and that would keep your "customer" 
>> from seeing other "customer (Requestor)" tickets. Then you 
>> merely go to your Custom Field and apply it to the support 
>> queue and then go to "Group Rights" and grant 
>> "SeeCustomField" to Privileged. That way all privileged users 
>> will be able to see that field as well as the ticket in a 
>> queue they are privileged to access. Hope this helps.
>> Kenn
>> On 7/11/2008 6:01 AM, Braam van Heerden wrote:
>>> Greetings,
>>> After reading the permissions wiki I still can't figure out how to 
>>> achieve what my MD wants.  Please excuse me if this is 
>> described there.
>>> I am still fairly new at RT and the permissions system.
>>> We have a queue called Support where all our product 
>> support requests 
>>> from clients go into.  We also have a custom field called "Client" 
>>> that contains the name of the customer the ticket was 
>> raised for.  Our 
>>> customers can log into RT and see all the tickets they 
>> originated, but 
>>> some managers would like to see all the tickets generated for their 
>>> company.  How can we set up the permissions to achieve this?
>>> Clients are not allowed to see other client's tickets, and we would 
>>> prefer not to create a queue for each customer, as this 
>> sometimes vary.
>>> Any tips would be appreciated.  We are running RT 3.6.6.
>>> Thanks :)
>>> Braam van Heerden
>>> Conversant Systems (Pty) Ltd
>>> Tel: +27 11 782 2930
>>> Cell: +27 82 336 4643
>>> Skype: braamvh
>>> _______________________________________________
>>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>> Community help: http://wiki.bestpractical.com Commercial support: 
>>> sales at bestpractical.com
>>> Discover RT's hidden secrets with RT Essentials from 
>> O'Reilly Media. 
>>> Buy a copy at http://rtbook.bestpractical.com

More information about the rt-users mailing list