[rt-users] Problems with permissions (bug?)

Kenneth Crocker kfcrocker at lbl.gov
Tue May 11 13:15:35 EDT 2010


Markus,

It seems you want the Requestor to basically create, own and modify their
own requested ticket? You granted some rights to Privileged and then granted
the same rights again to a couple groups. If they have the right as a
privileged user, then you do not need to grant the same rights again to a
group, since only privileged users can be in a group.
I would grant "SeeQueue" and "CreateTicket" to privileged users and then
grant what you want to the requestor. Apparently,  the groups are
extraneous, so don't bother with them. If you can make a distinction between
what kind of privileges are necessary between groups and certain roles, then
create the group and add members. Also, I HOPe you are not granting any
rights to individual users. WAY BAD! Too much maintenance if you have a lot
of users.

Hope this helps.

Kenn
LBNL

On Tue, May 11, 2010 at 9:47 AM, <Markus.Kummer at t-systems.com> wrote:

> Dear list,
>
> I'm using rt 3.8.8 and facing problems in setting up permissions for a
> queue.
>
> What I want is that users see the tickets they have requested in a certain
> queue only.
> So user A cannot see tickets requested by user B and vice versa.
>
> So I applied the following rights
>
> -> Configuration -> Queues -> Group rights
>
> Roles
>
> Requestor:
>
> - CommentOnTicket
> - DeleteTicket
> - ForwardMessage
> - ModifyCustomField
> - ModifyTicket
> - OwnTicket
> - ReplyToTicket
> - SeeCustomField
> - ShowOutgoingEmail
> - ShowTicket
> - ShowTicketComments
> - StealTicket
> - TakeTicket
> - Watch
> - WatchAsAdminCc
>
> User defined groups
>
> 1_rt_eval
>
> - SeeQueue
> - CreateTicket
>
> 2_rt_eval
>
> - SeeQueue
> - CreateTicket
>
> This basically works, but when a user logs in he finds an empty RT at a
> glance page.
> But searching for his email address gives the expected results.
> So my only problem is that the Queue is not displayed in the Quicksearch.
> After a lot of searching in the mailing list archives I got some hints.
>
> I applied the following rights additionally:
>
> System groups
>
> Privileged:
>
> - SeeQueue
> - CreateTicket
> - ShowTicket
>
> After login the Quicksearch is populated with that queue but all tickets
> are shown.
> So I removed the ShowTicket right from Privileged (while the user is still
> logged in). After a reload of the RT at a glance page the user sees the
> queue in the quicksearch. Following the link shows the correct tickets (the
> ticket count is wrong but this doesn't matter).
>
> Everything fine so far, but when the user logs out and in again Quicksearch
> is empty again. This is fully reproducible.
>
> Do I miss something here or is this a bug?
>
> Thanks for any help!
>
> Markus
> ============================================
> T-Systems International GmbH
> SDU Telco NPS
> Vorgebirgsstr. 49
> 53119 Bonn
> Tel: + 49 228 9841 3820
> E-Mail: markus.kummer at t-systems.com
>
> T-Systems International GmbH
> Aufsichtsrat: René Obermann (Vorsitzender)
> Geschäftsführung: Reinhard Clemens (Vorsitzender), Dr. Ferri Abolhassan,
> Olaf Heyden, Joachim Langmack, Dr. Matthias Schuster, Klaus Werner
> Handelsregister: Amtsgericht Frankfurt am Main HRB 55933 Sitz der
> Gesellschaft: Frankfurt am Main WEEE-Reg.-Nr. DE87523644
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100511/df213f4a/attachment.htm>


More information about the rt-users mailing list