[rt-users] Mandatory Custom Field Privileges

Tim Wiley tim at marchex.com
Tue Jul 9 20:08:27 EDT 2013 

On 07/09/2013 04:43 PM, Thomas Sibley wrote:
> On 07/09/2013 02:20 PM, Tim Wiley wrote:
>> GroupA are workers in & effectively own Queue1.  GroupA requested a
>> number of custom fields for their queue that help facilitate better
>> reporting on tickets.  Because of the reporting nature of these custom
>> fields, GroupA has requested that only they have the permissions
>> required to set the values on these fields & that they are mandatory.
>> Furthermore, these custom fields should be hidden from GroupB, the group
>> that is allowed to submit tickets to the queue.  Ideally, if GroupB
>> can't see or modify the custom field, they shouldn't be told at ticket
>> creation that the CFs are mandatory & the ticket should be created. Once
>> a ticket lands in the hands of GroupA & they modify the ticket, the
>> mandatory CFs with no values should then be verified & an error should
>> be displayed, not allowing the modify until all mandatory CFs are filled
>> out (because GroupA has permissions to see & modify the custom fields).
>>
>> I've looked all over for the special permissions recipe for this setup &
>> I can't find anything.  Am I the only one trying to use RT in this
>> manner?  Is there a way to do this that I'm missing?   Do you need more
>> information or clarification?  I'll gladly supply it.
>
> You never said what you tried and what isn't working...
>
> Not letting one group of users see a set of CFs is possible with RT's
> rights, provided you haven't granted rights too widely at the global
> level.  You may need to rejigger some of your rights first to be less
> global and more role/group/object specific.
>

I think that might've been the key.  I removed some more wide spread 
permissions on one of my mandatory fields & the error is gone.  Let me 
play around with the others & I'll get back to you.

The blanket permission was SeeCustomField granted to everyone on the CF 
level.  I'm guessing that there's no good way to allow a user to see the 
field, but not modify it?  Am I misunderstanding what SeeCustomField allows?

It's possible, I was mistaken on SeeQueue a while back.

More information about the rt-users mailing list