[rt-users] "Modify Ticket" permissions too broad?
Nick Kartsioukas
change+lists.rt at nightwind.net
Tue Jun 30 14:38:32 EDT 2009
I'm finding the "modify ticket" permission setting is too broad for some
situations. Here's my issue...
Let's say I have two queues, A, and B. I have a group associated with
each queue as the "responsible" group (as in this group will handle
tickets in each queue, so they can own tickets, close them, etc).
However, sometimes someone from group A may need to create a ticket in
queue B that relates to a project they're working on, and they'll want
to link a ticket they own to that other ticket as a dependency.
Ticket 1 in queue A owned by Adam (member of queue A group). Adam needs
Bob in queue B to complete a task for him, this task must get done for
ticket 1 to continue. So Adam creates ticket 2 in queue B, and wants to
make it a dependency of ticket 1. However, in order to link the
tickets, Adam needs "modify ticket" permissions in queue B, but we don't
want Adam to be able to resolve/delete tickets in queue B, or reply to
tickets in queue B on which he isn't the requester. I don't want to
give requester the ModifyTicket right, as then unprivileged end
users/customers would be able to close their own tickets, which we don't
want.
As far as I can tell, there's no way to do this. Is that correct, or am
I missing something?
Permissions are set like this:
Queue A:
Owner has ModifyTicket, ReplyToTicket
Requester has ReplyToTicket, ShowTicket
Group A has AssignCustomFields, CommentOnTicket, CreateTicket,
OwnTicket, SeeQueue, ShowOutgoingEmail, ShowTicket, ShowTicketComments,
StealTicket, TakeTicket, Watch, WatchAsAdminCc
Group B has CreateTicket, SeeQueue, ShowTicket, ShowTicketComments
Queue B is the same, the permissions for groups A and B are just
swapped.
More information about the rt-users
mailing list