[rt-users] deny unexisting users create tickets via email

Raed El-Hames rfh at vialtus.com
Fri Sep 11 07:07:20 EDT 2009 

Hi;

With regard to:

-> create a Group "Clients", and allow only privileged users of that 
group to CreateTicket and SeeQueue , but when they login, thez don't get 
only selfservice anymore.


You can make these users privileged , add them to the group;then make 
them unprivileged again.
Their group membership will be maintained and if they login , they'll 
get the self-service interface.
I have been using this approach for few years now and seems to work 
without any problems or compromise to security.
The way i do it here is have multiple customer groups (grouping each 
customer contacts) and all these customer groups are member of one big 
group I labelled customers, then apply my rights/permission on the 
various queues to this big group customers.

Regards;

Roy


mailinglists wrote:
> Hi,
>
> I'm sorry if my question is already answered in old posts, but I have 
> searched a lot and not found....
>
> People who need RT here, want to provision manually our customers with 
> an unique email, and allow only the existing customers to create tickets 
> via email.
> Other people mailing to operations at mycompagny.com (only one general 
> queue) would receive an "unauthorized email" response.
> The customers are created as unprivileged, with a password, and  can 
> access the SelfService
>
> I studied the following possibilities, but they all have a serious 
> drawback, or don't work :
>
> -> revoque the right CreateTicket and SeeQueue for Everyone in the 
> General Queue and add it to Unprivileged, but because of AutoCreate, 
> when an email is received, the user is provisionned, and become 
> unprivileged, and the ticket is created.
>
> -> create a Group "Clients", and allow only privileged users of that 
> group to CreateTicket and SeeQueue , but when they login, thez don't get 
> only selfservice anymore.
>
> -> I have seen people who play with CanonicalizeOnCreate, AutoCreate, 
> SenderMustExistInExternalDatabase, LookupSenderInExternalDatabase in 
> RT_SiteConfig but it seem to work only with external authentication  
> (http://lists.bestpractical.com/pipermail/rt-users/2003-February/012029.html)
>
> It appears to as a basic config, I can't believe that nobody had the 
> same need, and has found or developped solution !
>
> Thank you very much for help
>
> laetib
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com
>

More information about the rt-users mailing list