[rt-users] Rights issue on Configuration -> Global -> RT at a glance on RT 3.8.2
Carlos Garcia Montoro
cgarcia at ific.uv.es
Fri May 29 06:18:06 EDT 2009
Hello,
I've a question/request about RT that I have been neither able to
resolve from myself, nor have I found it at the RT wiki or googling this
mailing list.
I'm newbie using RT. I'm installing an organizational RT (ver. 3.8.2).
We have some departments that are autonomous of each other. Thus, I want
to grant some privileges for every admin group of each department. I
want to allow them to handle their own queues, groups, etc. But I also
want not to allow them to modify others space. I have achieved this
configuration, i.e. admins are only able to see their groups, admins can
see all queues but they are only allowed to modify some properties (Cc,
AdminCc,...) of their own queues but not other queues. In order to do
that I have granted them the global right "ShowConfigTab". Otherwise
they had rights but they couldn't use them (they couldn't modify group
membership of their groups,...).
The problem I'm suffering is this: When I grant the "ShowConfigTab"
right to a user or group, I'm also granting privileges to modify the
global RT at a glance. Let me show an example: Let me create a user foo
who can be granted rights ("Let this user be granted rights" is
checked). This new user isn't a member of any group, so he has no right
rather than "Everyone" and "Privileged". At this moment, global rights
for these groups are the default (no global right for "Everyone", and
only "ShowApprovalsTab" for "Privileged"). In some queues "Everyone" has
two rights "CreateTicket" and "SeeQueue", but as far as I know they only
grant privileges for creating a new ticket in these queues. Let this
user be granted the global "ShowConfigTab" right ( "Configuration" ->
"Global" -> "User Rights", and there foo is granted to "ShowConfigTab").
Now let foo log in. This user can see the configuration tab, but he
can't modify anything since he is not allowed to. If he tries to modify
anything RT won't allow it and foo will read a permission denied
message. But if foo goes to "Configuration" -> "Global" -> "RT at a
glance" and there he deletes "QuickCreate", RT allows it saying "Global
portlet body saved.". Now let the privileged user bar log in. The RT at
a glance of bar has no longer the "QuickCreate" frame when it previously
had it. Hence, I don't want to grant foo the right of modifying the
global RT at a glance!
Is it the expected behaviour? Am I missing anything or doing something
wrong?
Thank you,
Carlos
--
_______ _______________________________________________________________
| __ __ | Carlos García Montoro Ingeniero Informático
|_\_Y_/_| Instituto de Física Corpuscular Centro Mixto CSIC - UV
|\_] [_/| Servicios Informáticos
| [_] | Edificio Institutos de Investigación cgarcia at ific.uv.es
|C S I C| Apartado de Correos 22085 E-46071 Valencia Tel: +34 963543706
|_______| España / Spain Fax: +34 963543488
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cgarcia.vcf
Type: text/x-vcard
Size: 441 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090529/9181ff69/attachment.vcf>
More information about the rt-users
mailing list