[rt-users] How unprivileged users could see all tickets in their queue?

Alex Hall ahall at autodist.com
Thu Jan 5 09:59:20 EST 2017


Ah, got it. If you want to restrict users from seeing the user search
option, and from searching tickets, it seems like both Martin's and my
emails will do it. The only potential problem I see with mine is that one
could still type in a username, though queue/group restrictions should
still stop tickets involving that user from appearing.

On Thu, Jan 5, 2017 at 9:26 AM, Felix Defrance <felix at d2france.fr> wrote:

>
>
> Le 05/01/2017 à 12:22, Alex Hall a écrit :
> > Martin's suggestion makes sense, but I thought Felix was trying to
> restrict user search, not ticket search? That is, he doesn't want users to
> be able to search (and thus view the names of) all users? It's quite early
> here, so my brain may still be muttled and I could be wrong.
> Alex, after I see it was possible to display any tickets via the search
> module, I want to restrict this too.
>
> >
> > Sent from my iPhone
> >
> >> On Jan 5, 2017, at 06:08, Martin Wheldon <martin.wheldon at greenhills-it.
> co.uk> wrote:
> >>
> >> Hi Félix,
> >>
> >> I've just tried to configure this on a RT 4.4.1 install using a custom
> role and it seems to work fine.
> >> Here is the process I carried out.
> >>
> >> I've got 2 unprivileged users with a single queue, each being the owner
> of multiple tickets in that queue.
> >> I created a new custom role, then assigned it to the queue. Next I
> added the users to the custom role. (Done on the queue, watchers tab)
> >> The I added the SeeQueue and ShowTickets permissions to the custom role
> on the queue.
> >>
> >> Now when I login as either of the users I see all the tickets in that
> queue owner by those users.
> In this case, unprivileged users via (SelfService of course), just see
> their own tickets. For me, I have just 2 menus: "Tickets" and "Logged in
> foobar".
>
> In Tickets, I just see "Open tickets" and "Closed Tickets". In both
> pages, I just see tickets that users declarated as requestor.
>
> The custom role not provide an access to see all ticket in the queue (as
> elacour told to us).
>
> Now I understand the goal of the roles, maybe it's possible to
> automaticaly add custom role as a watcher to the right queue on all
> existing tickets and  the futur new ticket.
>
> Do you think it's possible ?
>
> Thx
>
> >>
> >> Hope that helps
> >>
> >> Best Regards
> >>
> >> Martin
> >>
> >>> On 2017-01-04 08:45, Emmanuel Lacour wrote:
> >>>> Le 03/01/2017 à 18:27, Felix Defrance a écrit :
> >>>> Hi all,
> >>>> I don't find how I could add ShowTickets or QueueList in
> >>>> SelfService.
> >>>> I want to allow my unprivileged users, grouped by company name, to
> >>>> see all tickets in their queue.
> >>>> The group rights on the queue is correctly defined and users could
> >>>> access to the tickets by entring the ticket number in the "goto
> >>>> Ticket" field (top right in SelfService).
> >>>> I have tried to play with CustomRole but it's not working for me. So
> >>>> anybody known how I can do it?
> >>> SelfService filters ticket list to tickets the user is watcher on
> >>> (requestor or Cc). This is hard coded in
> >>> share/html/SelfService/Elements/MyRequests:
> >>> my $id = $session{'CurrentUser'}->id;
> >>> my $Query = "( Watcher.id = $id )";
> >>> if ($status) {
> >>>    $status =~ s/(['\\])/\\$1/g;
> >>>    $Query .= " AND Status = '$status'";
> >>> }
> >>> so if you wan't to relax this to all tickets users have ShowTicket
> >>> rights, you have to modify this query ;)
> >>> But I strongly discourage (unless really needed) to setup an RT
> >>> instance with one queue per customer, best to think queues per
> >>> internal support team and play with customroles/groups or customfields
> >>> to set the customer.
>
> --
> Félix Defrance
> PGP: 0x0F04DC57
>
>
>


-- 
Alex Hall
Automatic Distributors, IT department
ahall at autodist.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20170105/963d2389/attachment.html>


More information about the rt-users mailing list