ACL-Restrict access to Display Ticket Content

Is there a way to restrict access for users such that they could see a
Queue (as shown in the “Quick search”), as well as a listing of the
Tickets corresponding to that Queue (“Show Results” – Results.html
page)? However, no further details & contents about a ticket (i.e.,
no Ticket metatdata) to be provided once a Ticket is selected from the
Results.html or Simple.html page. “ShowTicket” privilege is the one
that messes me up.

(RT 3.8.4)
I tried different ACL combinations (for Queue “X”), and none worked.
Presently, I have the following ACL’s for Queue “X”:

Everyone:

CommentOnTicket
CreateTicket
ReplyToTicket
SeeQueue

Unprivileged
Privileged

User Defined Group:

Grp-xyz
	I started from nothing, and experimented by one-by-one adding the  

following privileges (as soon as I add “ShowTicket”, it defeats what I
am after, and
without “ShowTicket” the Queue does not appear for the user):

		ModifyTicket
		OwnTicket
		ShowTicket
		ShowTicketCommenst
		Watch
		WatchAsAdminCc

Thanks,
Behzad

Behzad,

Two questions:

  1. Are there any differences between your Global settings and the Queue
    settings in question?
  2. I’m not sure if you are talking about the “Show Results” letting
    users see the Queue or if you are talking about seeing a Queue in the
    drop-down for "Creating a Ticket. If the the first, where do you give
    the right “ShowSavedSearch”?

Kenn
LBNLOn 12/10/2009 3:48 PM, Behzad Mahini wrote:

Is there a way to restrict access for users such that they could see a
Queue (as shown in the “Quick search”), as well as a listing of the
Tickets corresponding to that Queue (“Show Results” – Results.html
page)? However, no further details & contents about a ticket (i.e.,
no Ticket metatdata) to be provided once a Ticket is selected from the
Results.html or Simple.html page. “ShowTicket” privilege is the one
that messes me up.

(RT 3.8.4)
I tried different ACL combinations (for Queue “X”), and none worked.
Presently, I have the following ACL’s for Queue “X”:

Everyone:

CommentOnTicket
CreateTicket
ReplyToTicket
SeeQueue

Unprivileged

Privileged

User Defined Group:

Grp-xyz
I started from nothing, and experimented by one-by-one adding the
following privileges (as soon as I add “ShowTicket”, it defeats what I
am after, and
without “ShowTicket” the Queue does not appear for the user):

  	ModifyTicket
  	OwnTicket
  	ShowTicket
  	ShowTicketCommenst
  	Watch
  	WatchAsAdminCc

Thanks,
Behzad


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Ken,

Sorry for the delayed response. See inlines.

Thanks,
Behzad

Behzad,

Two questions:

  1. Are there any differences between your Global settings and the
    Queue settings in question?
    Yes, but not in a contradictory manner as shown below:
		Global							Queue
		-------------------------------			-----------------------------------

Everyone CommentOnTicket CommentOnTicket
CreateTicket CreateTicket
ReplyToTicket ReplyToTicket
SeeQueue SeeQueue

Unprivileged
- -

Privileged CreateSavedSearch -
EditSavedSearch -
LoadSavedSearch -
SeeDashboard -
ShowapprovalsTab -
ShowSavedSearches -
SubscribeDashboard -

User defined
ModifySelf As listed in my previous email, I had incrementally
added:
ModifyTicket
OwnTicket
ShowTicket
ShowTicketComments
Watch
WatchAdminCc

  1. I’m not sure if you are talking about the “Show Results” letting
    users see the Queue or if you are talking about seeing a Queue in
    the drop-down for "Creating a Ticket. If the the first, where do you
    give the right “ShowSavedSearch”?
    Here is a clarification for what I am after. From the "RTat a glance"
    page,
    =>“Quick Search”,
    a) if you were to click on any of the Queues that show up here, you
    will be taken to another page which reflects the number of tickets
    found for the selected Queue.
    b) At this stage:
    b.1) Presently, both the “Ticket No” & “Subject” are hyperlinked.
    b.2) As such if you were to select “Ticket No” or “Subject” you
    will be taken to a page that contains
    all details corresponding to that Ticket (i.e., Ticket Metatdata,
    Custom Fields, People, History, reminders, Dates, Links, etc.)
			-What I am after, is (using ACL's) to allow the user to get to  

stage “b.1” above, but not to be allowed to go to stage “b.2” (i.e.,
“Ticket No” & “Subject” stop
being hyperlinked items). That is I don’t want some users to see
all details corresponding to a Ticket, but I want to give them the
chance to see some
high-level attributes (i.e., Ticket No) corresponding to Tickets
in a Queue.

If this is not doable, it may be a "feature request".