Im trying to get the perms sorted out correctly to these levels:
- Staff (internal users)
- Clients (our primary contacts for our clients who want to use RT to
open/resolve etc Helpdesk tickets) - Client End users (who will ask for help only)
So far, the best route seems to:
- Create a queue ClientX
- Create a Group ClientXStaff, add staff who work at said client to
this group. It has expected permissions (Create, edit, delete, update,
own, modify etc) - Create a Group ClientXClientAccess. Add priv. accounts for our
clients, give them, OwnTicket, ViewTicket, EditTicket (not ViewComment
etc) - remove all global Privileged User rights except those that are
acceptable for all clients to have (OwnTicket [maybe], ViewTicket,
EditTicket perhaps…
My question is this:
Is there any harm in not having any System level privileges if you
instead define them for each queue/group?
Thanks
duncan