[rt-users] limit ticket list display on requestor login

Raed El-Hames Raed.El-Hames at daisygroupplc.com
Fri Jun 10 11:12:40 EDT 2011


Sorry Giuseppe I don't have much knowledge of the LDAP plugin.
Under normal circumstances (ie RT auth), I would write script to go through the users need changing and set Privileged to 0
foreach $MyUserId (@my_users_to_change) {
  my $u=RT::User->new(RT::SystemUser);
  my ($id, $msg) = $u->Load("$MyUserId");
  if ($id) {
   $u->SetPrivileged(0);
 }
}

Regards;
Roy
> -----Original Message-----
> From: Giuseppe Sollazzo [mailto:gsollazz at sgul.ac.uk]
> Sent: 10 June 2011 15:33
> To: Raed El-Hames
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] limit ticket list display on requestor login
> 
> Hi Raed,
> thanks a lot as that explains it. This user is Privileged. Removing the
> privilege everything works as expected.
> 
> What puzzles me is the relationship between system groups and user
> defined groups. I would have expected to have the possibility of
> limiting permissions to Privileged users in a group rather then having
> them as Unprivileged.
> But never mind :-)
> 
> Now the problem I have is that all my imported users are Privileged, and
> reimporting them does not seem to change this (even with
> $LDAPUpdateUsers=1).
> 
> Do you reckon there's a way to bulk update users and make them
> Unprivileged?
> 
> Thanks,
> Giuseppe
> 
> 
> 
> 
> On 10/06/11 14:50, Raed El-Hames wrote:
> > The fist question Giuseppe , is user U privileged or not?
> >
> > If not then by default he should have been redirected to
> SelfService/index.html, which again by default should only display
> > /SelfService/Elements/MyRequests
> >
> > If he is privileged (then I would ask why? -- because according to what
> you need below he does not need to be privileged),  if he has to be
> privileged then you may have to do some coding .. I do think there is a
> limitation in RT , you should need to give the "SeeQueue" permission to be
> able to see it in the dropdown ? I would have thought the "CreateTicket"
> permission should be enough.
> >
> > As I suggested make user U unprivileged is the easiest solution.
> >
> > Good luck
> > Roy
> >
> >
> >> -----Original Message-----
> >> From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-
> >> bounces at lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
> >> Sent: 10 June 2011 14:15
> >> To: rt-users at lists.bestpractical.com
> >> Subject: Re: [rt-users] limit ticket list display on requestor login
> >>
> >> Hi Kevin,
> >> that was my first thought - however in "global group rights" all
> >> checkboxes in general/staff/admin rights are unticked for System,
> Roles,
> >> and for the given user group.
> >>
> >> Or is it maybe how I shoudl manage this, by adding "show ticket" to the
> >> global one?
> >>
> >> Just in case I have explained myself improperly, what I'm trying to
> >> achieve is that users in the G group are shown in the dashboard a list
> >> of tickets in the queue Q for which they are requestors; such list
> >> should exclude tickets in the same queue for which they are not
> >> requestors.
> >>
> >> Thanks,
> >> G
> >>
> >> On 10/06/11 14:03, Kevin Falcone wrote:
> >>> On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote:
> >>>> Uhm...
> >>>> it seems not to behave like I would like to.
> >>>>
> >>>> Basically I have a privileged user U that is part of group "G".
> >>>> On queue Q group G has right to show/modify/reply, whereas the
> >>>> system privileged group does not have any right on the queue.
> >>>> Also, on queue Q role "Requestor" has right to show/modify/reply,
> >>>> whereas the system privileged group does not have any right on the
> >>>> queue.
> >>>>
> >>>> Still, U can see all tickets in queue Q, even those he's not a
> >>>> requestor for.
> >>>>
> >>>> So I'm still looking for a way to hide tickets for which a user in
> >>>> the group G is not a requestor for from the dashboard, if that's at
> >>>> all possible :)
> >>> Sounds like you have some global rights getting in the way.
> >>>
> >>> -kevin
> >>>
> >>>> On 10/06/11 12:06, Raed El-Hames wrote:
> >>>>> Giuseppe,
> >>>>>
> >>>>> I will not give the Everyone group rights other than Create Ticket
> and
> >> ReplyToTicket (and this is only to get the email side of things working
> >> properly).I also would not give any rights to the Unprivileged group.
> >>>>> For your purposes I would suggest you give the Requestor Role rights
> >> to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are
> >> Unprivileged then their login will redirect them to the SelfService
> portal
> >> which is restricted.
> >>>>> Hope that helps;
> >>>>> Regards;
> >>>>> Roy
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-
> >>>>>> bounces at lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
> >>>>>> Sent: 10 June 2011 10:43
> >>>>>> To: rt-users at lists.bestpractical.com
> >>>>>> Subject: [rt-users] limit ticket list display on requestor login
> >>>>>>
> >>>>>> Hi,
> >>>>>> I guess I'm not getting this right.
> >>>>>>
> >>>>>> I'd like that a user, upon login, were able to only see the tickets
> >> for
> >>>>>> which they are a requestor (in a given queue).
> >>>>>>
> >>>>>> Let's say I have a group G and a queue Q. If rights for G on Q are
> >>>>>> "Create tickets" and "View queue" obviously they see all tickets in
> >> the
> >>>>>> queue, whereas "Create tickets" alone does not allow them to see
> any
> >>>>>> ticket.
> >>>>>>
> >>>>>> To keep things tidy, I've also given the same rights to Everyone,
> >>>>>> Privileged, Unprivileged.
> >>>>>>
> >>>>>> Is what I want to do feasible with just permissions management?
> >>>>>>
> >>>>>> Thanks,
> >>>>>> Giuseppe
> >>>>>>
> >>>>>> --
> >>>>>> ____________________________________
> >>>>>>
> >>>>>> Giuseppe Sollazzo
> >>>>>> Senior Systems Analyst
> >>>>>> Computing Services
> >>>>>> Information Services
> >>>>>> St. George's, University Of London
> >>>>>> Cranmer Terrace
> >>>>>> London SW17 0RE
> >>>>>>
> >>>>>> Email: gsollazz at sgul.ac.uk
> >>>>>> Direct Dial: +44 20 8725 5160
> >>>>>> Fax: +44 20 8725 3583
> >>>>>>
> >>>> --
> >>>> ____________________________________
> >>>>
> >>>> Giuseppe Sollazzo
> >>>> Senior Systems Analyst
> >>>> Computing Services
> >>>> Information Services
> >>>> St. George's, University Of London
> >>>> Cranmer Terrace
> >>>> London SW17 0RE
> >>>>
> >>>> Email: gsollazz at sgul.ac.uk
> >>>> Direct Dial: +44 20 8725 5160
> >>>> Fax: +44 20 8725 3583
> >>>>
> >>>>
> >>
> >> --
> >> ____________________________________
> >>
> >> Giuseppe Sollazzo
> >> Senior Systems Analyst
> >> Computing Services
> >> Information Services
> >> St. George's, University Of London
> >> Cranmer Terrace
> >> London SW17 0RE
> >>
> >> Email: gsollazz at sgul.ac.uk
> >> Direct Dial: +44 20 8725 5160
> >> Fax: +44 20 8725 3583
> >>
> 
> 
> --
> ____________________________________
> 
> Giuseppe Sollazzo
> Senior Systems Analyst
> Computing Services
> Information Services
> St. George's, University Of London
> Cranmer Terrace
> London SW17 0RE
> 
> Email: gsollazz at sgul.ac.uk
> Direct Dial: +44 20 8725 5160
> Fax: +44 20 8725 3583
> 




More information about the rt-users mailing list