[rt-users] RT 3.8: questions on Kerberos, LDAP, and guest account setup

Kevin Falcone falcone at bestpractical.com
Mon Jun 13 08:43:13 EDT 2011


On Fri, Jun 10, 2011 at 10:35:02PM +0700, Ivan Shmakov wrote:
> >>>>> Kevin Falcone <falcone at bestpractical.com> writes:
>  > If you want the advanced search, you want a Privileged user.
> 
> 	Is it merely a limitation of the implementation, or something
> 	deeper?

I'm afraid I don't understand your question.  Unprivileged users have
no access to the Query Builder interface, and I'm not sure what level
of effort would be required to make it so.

> 	The inconvenience of setting up a Privileged guest account is
> 	that it will be necessary to maintain a separate group, whose
> 	members (which are all the Privileged users except the guest
> 	account) are actually granted “write access” to the tickets.
> 	With guest account now being Unprivileged, the Privileged group
> 	fulfills this role.
> 
>  > Unprivileged users are only going to see tickets that they're the
>  > Requestor of.
> 
> 	Apparently, it's not the case: I was able to see all the tickets
> 	belonging to the queues for which Everyone is granted SeeQueue
> 	and ShowTicket permissions.  (RT 3.8.8 debian 7.)

If you grant them ShowTicket globally, then anyone can see any ticket
if they can log into the system.

Unprivileged user dashboards only search for tickets where they are
watchers.

Granting Everyone ShowTicket is almost never the rights configuration
you want.

-kevin