[rt-users] Rights issue on Configuration -> Global -> RT at a glance on RT 3.8.2

Carlos Garcia Montoro cgarcia at ific.uv.es
Fri May 29 06:18:06 EDT 2009


Hello,

I've a question/request about RT that I have been neither able to 
resolve from myself, nor have I found it at the RT wiki or googling this 
mailing list.

I'm newbie using RT. I'm installing an organizational RT (ver. 3.8.2). 
We have some departments that are autonomous of each other. Thus, I want 
to grant some privileges for every admin group of each department. I 
want to allow them to handle their own queues, groups, etc. But I also 
want not to allow them to modify others space. I have achieved this 
configuration, i.e. admins are only able to see their groups, admins can 
see all queues but they are only allowed to modify some properties (Cc, 
AdminCc,...)  of their own queues but not other queues. In order to do 
that I have granted them the global right "ShowConfigTab". Otherwise 
they had rights but they couldn't use them (they couldn't modify group 
membership of their groups,...).

The problem I'm suffering is this: When I grant the "ShowConfigTab" 
right to a user or group, I'm also granting privileges to modify the 
global RT at a glance. Let me show an example: Let me create a user foo 
who can be granted rights ("Let this user be granted rights" is 
checked). This new user isn't a member of any group, so he has no right 
rather than "Everyone" and "Privileged". At this moment, global rights 
for these groups are the default (no global right for "Everyone", and 
only "ShowApprovalsTab" for "Privileged"). In some queues "Everyone" has 
two rights "CreateTicket" and "SeeQueue", but as far as I know they only 
grant privileges for creating a new ticket in these queues. Let this 
user be granted the global "ShowConfigTab" right ( "Configuration" -> 
"Global" -> "User Rights", and there foo is granted to "ShowConfigTab"). 
Now let foo log in. This user can see the configuration tab, but he 
can't modify anything since he is not allowed to. If he tries to modify 
anything RT won't allow it and foo will read a permission denied 
message. But if foo goes to "Configuration" -> "Global" -> "RT at a 
glance" and there he deletes "QuickCreate", RT allows it saying "Global 
portlet body saved.". Now let the privileged user bar log in. The RT at 
a glance of bar has no longer the "QuickCreate" frame when it previously 
had it. Hence, I don't want to grant foo the right of modifying the 
global RT at a glance!

Is it the expected behaviour? Am I missing anything or doing something 
wrong?

Thank you,
Carlos

-- 
  _______ _______________________________________________________________
| __ __ | Carlos García Montoro                    Ingeniero Informático
|_\_Y_/_| Instituto de Física Corpuscular         Centro Mixto CSIC - UV
|\_] [_/| Servicios Informáticos
|  [_]  | Edificio Institutos de Investigación        cgarcia at ific.uv.es
|C S I C| Apartado de Correos 22085 E-46071 Valencia  Tel: +34 963543706
|_______| España / Spain                              Fax: +34 963543488
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cgarcia.vcf
Type: text/x-vcard
Size: 441 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090529/9181ff69/attachment.vcf>


More information about the rt-users mailing list