[rt-users] Rights issue on Configuration -> Global -> RT at a glance on RT 3.8.2

Ken Crocker kfcrocker at lbl.gov
Thu Jun 4 11:59:31 EDT 2009 

Carlos,

    I may be mistaken, butI think the "ShowConfigTab" merely allows the 
user to see that tab and the functions under it. The user still needs to 
have other rights (like "ShowTemplate" and "ModifyTemplate") in order to 
see/modify templates and I'm sure the same situation exists for other 
objects to be modified.

Kenn
LBNL

On 6/4/2009 2:54 AM, Carlos Garcia Montoro wrote:
> Sorry for posting this twice, but I'm trying to make it shorter.
>
> Please, can anyone confirm me that a user who only has the global 
> right "ShowConfigTab" is able to modify the global RT at a glance?
>
> I'm using RT 3.8.2 and I would like to know if either I'm doing 
> something wrong or this is the expected behaviour. If this were the 
> second case, should this be considered a bug?
>
> For a longer explanation, attached you can find my previous message.
>
> Thanking you in advance,
> Carlos
>
> ------------------------------------------------------------------------
>
> Subject:
> [rt-users] Rights issue on Configuration -> Global -> RT at a glance 
> on RT 3.8.2
> From:
> Carlos Garcia Montoro <cgarcia at ific.uv.es>
> Date:
> Fri, 29 May 2009 12:18:06 +0200
> To:
> rt-users at lists.bestpractical.com
>
> To:
> rt-users at lists.bestpractical.com
>
>
> Hello,
>
> I've a question/request about RT that I have been neither able to 
> resolve from myself, nor have I found it at the RT wiki or googling 
> this mailing list.
>
> I'm newbie using RT. I'm installing an organizational RT (ver. 3.8.2). 
> We have some departments that are autonomous of each other. Thus, I 
> want to grant some privileges for every admin group of each 
> department. I want to allow them to handle their own queues, groups, 
> etc. But I also want not to allow them to modify others space. I have 
> achieved this configuration, i.e. admins are only able to see their 
> groups, admins can see all queues but they are only allowed to modify 
> some properties (Cc, AdminCc,...)  of their own queues but not other 
> queues. In order to do that I have granted them the global right 
> "ShowConfigTab". Otherwise they had rights but they couldn't use them 
> (they couldn't modify group membership of their groups,...).
>
> The problem I'm suffering is this: When I grant the "ShowConfigTab" 
> right to a user or group, I'm also granting privileges to modify the 
> global RT at a glance. Let me show an example: Let me create a user 
> foo who can be granted rights ("Let this user be granted rights" is 
> checked). This new user isn't a member of any group, so he has no 
> right rather than "Everyone" and "Privileged". At this moment, global 
> rights for these groups are the default (no global right for 
> "Everyone", and only "ShowApprovalsTab" for "Privileged"). In some 
> queues "Everyone" has two rights "CreateTicket" and "SeeQueue", but as 
> far as I know they only grant privileges for creating a new ticket in 
> these queues. Let this user be granted the global "ShowConfigTab" 
> right ( "Configuration" -> "Global" -> "User Rights", and there foo is 
> granted to "ShowConfigTab"). Now let foo log in. This user can see the 
> configuration tab, but he can't modify anything since he is not 
> allowed to. If he tries to modify anything RT won't allow it and foo 
> will read a permission denied message. But if foo goes to 
> "Configuration" -> "Global" -> "RT at a glance" and there he deletes 
> "QuickCreate", RT allows it saying "Global portlet body saved.". Now 
> let the privileged user bar log in. The RT at a glance of bar has no 
> longer the "QuickCreate" frame when it previously had it. Hence, I 
> don't want to grant foo the right of modifying the global RT at a glance!
>
> Is it the expected behaviour? Am I missing anything or doing something 
> wrong?
>
> Thank you,
> Carlos
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com
>   
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090604/7fa008b3/attachment.htm>

More information about the rt-users mailing list