[rt-users] user rights affecting custom fields access via REST requests

Hugo Escobar hescobar at afslc.com
Thu Jan 15 13:40:30 EST 2015

Hi there,

Our RT instances have this basic conf:
RT 4.2.9, CentOS 6.6, mysql  Ver 14.14 Distrib 5.6.22, for Linux (x86_64)

We are trying to restrict rights as much as possible for "external" users
(those having access
to RT via a custom web application.)

In terms of group rights, this is what we would like to have:
1. Everyone    -> CreateTicket + ReplyToTicket
2. Privileged   -> None (empty)
3. Requestors -> CreateTicket + ReplyToTicket + SeeCustomField + ShowTicket
+ ModifyCustomField + ModifyTicket

However, these conf especially Privileged->None seems to be blocking access
to custom

Doing a little research I found this:

Is the user who is logging in via REST marked as Privileged in the
admin UI?  If not, they don't have access.  You'll either need to
allow Unprivileged users access in the config or mark your users

So, after marking external users as privileged I found that the
configuration shown above
still doesn't work, only after setting Privileged->SeeCustomField +

Shouldn't the fact that users are 'Requestor' be enough to let them
read/write custom fields?

Hugo Escobar


4770 Biscayne Blvd, Ste 700
Miami, FL 33137

main: 305.677.0022
support: 305.921.4620
email: hescobar at afslc.com

Follow us on Facebook and Linked-In

NOTICE: This email and any attachment to this email may contain
confidential information. If you are not the intended recipient, you must
not review, retransmit, convert to hard copy, photocopy, use or disseminate
this email or any attachments to it. If you have received this email in
error, please notify us immediately by return email and delete this
message. Please note that if this email contains a forwarded message or is
a reply to a prior message, some or all of the contents of this message or
any attachments may not have been produced by our firm. *As our firm may be
deemed a debt collector, if your payment is in default, we may be
attempting to collect a debt on behalf of the association, and any
information obtained may be used for that purpose.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150115/646c1d19/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AFS_logo.png
Type: image/png
Size: 3183 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150115/646c1d19/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: facebook-24x24.png
Type: image/png
Size: 814 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150115/646c1d19/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedin-24x24.png
Type: image/png
Size: 875 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150115/646c1d19/attachment-0002.png>

More information about the rt-users mailing list