[rt-users] Ticket level permissions

[Rajesh Kumar]

Hi All,

I'm new to RT and trying to make it work in following manner -

1. There should be only one queue called 'Support'. This is because we 
have too many clients and is a management call...

2. Multiple clients using same queue to create tickets.

3. No client should be able to access another client's tickets. Example 
- Client A should not be able to access client B's tickets.

And this is what I've done so far -

1. Add a custom field 'Client' at user level.

2. Create a group for each 'Client' and add all users belonging to the 
client to their respective group.

3. OnCreate scrip to add the group as 'Cc' to the ticket and grant 
'ShowTicket' to the 'Cc' role.

This results in -

1. User belonging to group A cannot see tickets raised by any user of 
group B on the 'Open tickets' page. So the segregation works here.

2. But if a user of group A searches for a ticket (by ticket number) he 
gets to see all the ticket details hence defeating restriction we needed 
in place.

Please take a look at the OnCreate script on pastebin 
<http://pastebin.com/4G7mFDP8> and help me understand what is wrong with 
this approach.


Thanks for help!

Regards,
Rajesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120720/fde7cba6/attachment.htm>