AdminUsers permission required to see user data?

I have set up RT 3.0.4 and we’re beginning to use it. Here is a small problem,
that perhaps is just a question of setup.

Problem:

When a new ticket comes in from a non-staff user, a user is automatically
created. However, the ticket contains a message of the type “No comment
set for this user.” Also, it is not possible to set the comment, or any
other data for the user.

Partial solution:

If I give the staff users the “AdminUsers” right, they can now see user data
including the comment, and they can also change data for the user.

New problem follows:

If I give staff users the “AdminUsers” right, theu can now set any data
for any users, including changing password for other staff users. I don’t
think they intend to do that on purpose, but there is a risk of mistakes.

What I want:

I would like to see more levels of protection.

  • The right to see user data, which is pretty obvious.
  • The right to set comments, address etc. for a user. This should be
    allowed for any staff user.
  • The right to change sensitive data, for example the right to become
    a full RT user or the right to set passwords. I want this level
    to be quite restricted.

Comments and feedback greatly appreciated.

Dag Bruck
Dynasim AB
Lund, Sweden