[rt-users] How unprivileged users could see all tickets in their queue?
Felix Defrance
felix at d2france.fr
Wed Jan 4 12:21:06 EST 2017
Le 04/01/2017 à 15:47, Alex Hall a écrit :
>
>
> On Wed, Jan 4, 2017 at 9:35 AM, Felix Defrance <felix at d2france.fr
> <mailto:felix at d2france.fr>> wrote:
>
>
> Le 04/01/2017 à 15:10, Alex Hall a écrit :
>> Okay, searching users is the problem? I'm not sure, but what
>> about an overlay that conditionally shows that part of page
>> templates? You could create a group to which you'd assign any
>> user you don't want viewing other users, then find the element
>> that displays the user search and add a condition to return
>> nothing if the user belongs to that group?
> Yes, this is a part of the problem. The second, but not important,
> it's just for the look&feel, the ability to custom "Rt at a
> glance" by user groups.
>
> For the first, I don't known how I can do " then find the element
> that displays the user search and add a condition to return
> nothing if the user belongs to that group"
>
> In one template, I was able to find this snippet to get the user object:
> my $user = $session{'CurrentUser'}->UserObj;
>
> From there, I imagine you could check if the user is a member of a
> certain group. Then "return 0" or something like that to stop the
> element from loading. My Perl skills aren't worthy of being called
> skills in any way, and I've never tried something quite like this, but
> it's my first thought. Sorry I can't help more; hopefully a more
> experienced user has a much simpler solution for you. :)
Do you know if the menu search come from :
rt/share/html/Dashboards/Elements/* ? Or from another file ?
I don't find documentation about these files and what are they doing :(
Thanks
>
>>
>> On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance <felix at d2france.fr
>> <mailto:felix at d2france.fr>> wrote:
>>
>>
>> Le 04/01/2017 à 14:02, Alex Hall a écrit :
>>> Can you describe your setup more? I'm not sure why
>>> unprivileged users would need access to all queue tickets,
>>> or why each user would have their own queue? As I understand
>>> it, unprivileged users are end users (i.e. customers, those
>>> who don't work for your organization). Thus, they shouldn't
>>> be able to access an entire queue, only tickets they open.
>>> Make them privileged, and restrict their rights by adding
>>> them to a certain group, and your life may be a lot easier.
>> Yes! In the begining, that's what I tried to do. Restrict
>> privilieged users. But I didn't find how restrict the access
>> to the SearchUser.
>>
>> A member of a queue can search and view all users.
>>
>> In my setup, a queue and group, are dedicated to a customer.
>>
>> A customer should not be able to fetch other informations
>> that are not inside of their queue. Thus, not be able to
>> search all user in RT database..
>>
>> Maybe, it's possible to limit the search function to their
>> queue or desactivate the access to the menu search. Do you
>> know about that ?
>>
>> Thanks,
>>>
>>> For example, you might have a group called "basic users" to
>>> which you'd add the users you currently consider
>>> unprivileged. That group would have only a few rights, but
>>> since its members would be privileged, you wouldn't run into
>>> RT's built-in restrictions.
>>>
>>> As to one queue per user, that would quickly get hard to
>>> manage. Queues are for organizing tickets and users. Sure, a
>>> queue may have just one user, but each user shouldn't have
>>> their own queue. Trying to keep track of the rights of such
>>> a setup would be a nightmare, assuming you have a good
>>> amount of users. As an example, we have queues for
>>> technology, warehouse, customer service, and other divisions
>>> within the company. Some queues have a lot of people, some
>>> have a few, butthey are all logical groupings of tasks. If I
>>> made a new queue for every user, I'd have dozens of them,
>>> and tickets would be all over the place! Plus, there's email
>>> to consider; if you want to accept incoming emails for
>>> ticket replies, you have to make a new Fetchmail or Postfix
>>> entry for every single user/queue you have.
>>>
>>> I hope this makes some sense. As I said, a lot of this
>>> depends on your usage pattern and setup concept. If you can
>>> explain that to us more, we might be able to help better.
>>>
>>> On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance
>>> <felix at d2france.fr <mailto:felix at d2france.fr>> wrote:
>>>
>>> Hello,
>>>
>>> You right, this rights isn't checked.
>>>
>>> But I can't view all tickets in selfservice anymore.
>>>
>>> I verify the same rights in :
>>>
>>> Admin > Queue, "select the queue name" and Group
>>> Rights, select and grant "unprivileged users" to
>>> Seequeue & Showtickets
>>>
>>> In the same section:
>>>
>>> grant group "compagny name" to Seequeue & Showtickets
>>>
>>>
>>> But no effect.
>>>
>>> I try to add a user to watchers 'CC', and grant watchers
>>> 'CC' to Seequeue & Showtickets but no effect too :(
>>>
>>> Another ideas ?
>>>
>>> Thanks,
>>>
>>> Félix.
>>>
>>> Le 03/01/2017 à 18:39, Alex Hall a écrit :
>>>> Have you granted the rights? In Admin > Global > Group
>>>> Rights, select the "unprivileged users" tab, then grant
>>>> "view queue". That should help, though our setup is
>>>> quite different so I can't verify it.
>>>>
>>>> On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance
>>>> <felix at d2france.fr <mailto:felix at d2france.fr>> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I don't find how I could add ShowTickets or
>>>> QueueList in SelfService.
>>>>
>>>> I want to allow my unprivileged users, grouped by
>>>> company name, to see all tickets in their queue.
>>>>
>>>> The group rights on the queue is correctly defined
>>>> and users could access to the tickets by entring
>>>> the ticket number in the "goto Ticket" field (top
>>>> right in SelfService).
>>>>
>>>> I have tried to play with CustomRole but it's not
>>>> working for me. So anybody known how I can do it?
>>>>
>>>> Thank you,
>>>>
>>>> --
>>>> Félix Defrance
>>>> PGP: 0x0F04DC57
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Alex Hall
>>>> Automatic Distributors, IT department
>>>> ahall at autodist.com <mailto:ahall at autodist.com>
>>>
>>> --
>>> Félix Defrance
>>> PGP: 0x0F04DC57
>>>
>>>
>>>
>>>
>>> --
>>> Alex Hall
>>> Automatic Distributors, IT department
>>> ahall at autodist.com <mailto:ahall at autodist.com>
>>
>> --
>> Félix Defrance
>> PGP: 0x0F04DC57
>>
>>
>>
>>
>> --
>> Alex Hall
>> Automatic Distributors, IT department
>> ahall at autodist.com <mailto:ahall at autodist.com>
>
> --
> Félix Defrance
> PGP: 0x0F04DC57
>
>
>
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ahall at autodist.com <mailto:ahall at autodist.com>
--
Félix Defrance
PGP: 0x0F04DC57
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20170104/7c2cdd33/attachment.htm>
More information about the rt-users
mailing list