[rt-users] Search page Owners drop-down

Ken Crocker kfcrocker at lbl.gov
Mon Jun 1 12:42:29 EDT 2009


Subb,

    You'd have to look at "Privileged" in both Global Group and user 
rights as well as Queue group and user rights. We do not grant rights to 
ANY individual users. For us, that would be a maintenance nightmare. We 
put individual users in user-defined groups that have the same access 
needs. If you have Rights-Matrix, that would tell you exactly who has 
what rights and how they got them. Try looking at that and see what you 
have. It makes debugging these problems a lot easier.
    The thing to keep in mind is that RT will let you grant almost 
anything to anyone. However, to keep the nightmares away, it would be 
prudent to have a set policy for who should do what in what queues and 
set your rights accordingly. If you only have a few users, then you can 
get away with a "seat-of-the-pants" process. But if you have many (in 
our case hundreds and hundreds) you'll spend more time chasing your tail 
trying to find out why someone can/can't do something because there was 
no policy guiding you when you granted all those privileges way back when.
    Remember the old saying "if he had brains, he'd be dangerous"?. 
Well, think of privileges along the same lines. There are always some 
people that find ways to screw up things because no one thought that a 
user would do such and such, so they were generous when setting up 
privileges. Just a thought.

Kenn
LBNL

On 6/1/2009 8:00 AM, Venkateswaran, Subbaraman wrote:
> I verified the permission of "OwnTicket" and it is not assigned to 
> Everyone group. Is there any other perms/location I should look into? 
> Thanks.
>  
>
> Thanks
> Subba Venkateswaran
> A&T - App Eng - SEG
> 609 282 7015
>
>  
>
> ------------------------------------------------------------------------
> *From:* Ken Crocker [mailto:kfcrocker at lbl.gov]
> *Sent:* Wednesday, May 20, 2009 12:58 PM
> *To:* Venkateswaran, Subbaraman
> *Cc:* rt-users at lists.bestpractical.com
> *Subject:* Re: [rt-users] Search page Owners drop-down
>
> Subb,
>
>     Most likely, you have a very "Liberal" application of the 
> "OwnTicket" right. For example, if you let just about anyone create a 
> ticket AND you have given the "OwnTicket" right to "Everyone" 
> Globally, then guess what? Every ticket that exists in every queue 
> will most likely have a REALLY long list of possible owners. This will 
> also kick your Query/search speed into granny low. Try breaking down 
> the privileges you have into something with more granularity.
>
> Kenn
> LBNL
>
> On 5/19/2009 6:17 AM, Venkateswaran, Subbaraman wrote:
>>
>> Can someone please explain why we see all kinds of emails, junk in 
>> addition to Login IDs in the Owners drop-down in RT search page? Is 
>> there a way we can control or maintain this, please?  This is 
>> screwing up people's RT search on tickets based on owners.
>>
>> Thanks a lot.
>>
>>
>> THE INFORMATION CONTAINED IN THIS MESSAGE AND ANY ATTACHMENT MAY BE 
>> PRIVILEGED, CONFIDENTIAL, PROPRIETARY OR OTHERWISE PROTECTED FROM 
>> DISCLOSURE. If the reader of this message is not the intended 
>> recipient, you are hereby notified that any dissemination, 
>> distribution, copying or use of this message and any attachment is 
>> strictly prohibited. If you have received this message in error, 
>> please notify us immediately by replying to the message and 
>> permanently delete it from your computer and destroy any printout 
>> thereof.
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>
>> Community help: http://wiki.bestpractical.com
>> Commercial support: sales at bestpractical.com
>>
>>
>> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
>> Buy a copy at http://rtbook.bestpractical.com
>
> THE INFORMATION CONTAINED IN THIS MESSAGE AND ANY ATTACHMENT MAY BE 
> PRIVILEGED, CONFIDENTIAL, PROPRIETARY OR OTHERWISE PROTECTED FROM 
> DISCLOSURE. If the reader of this message is not the intended 
> recipient, you are hereby notified that any dissemination, 
> distribution, copying or use of this message and any attachment is 
> strictly prohibited. If you have received this message in error, 
> please notify us immediately by replying to the message and 
> permanently delete it from your computer and destroy any printout thereof.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090601/ebb5033a/attachment.htm>


More information about the rt-users mailing list