Bypassing the ACL

Hi,

I’m looking at a point of conflict that I’m having with myself and RT. I
made an option that makes it easy and quick to create a DependsOn ticket
in queues where users have SeeQueue/CreateTicket permission for. People
like to call them SubTickets here. Now the problem is if they don’t have
ShowTicket permission for the DependsOn ticket they can’t see
information like status and owner. I can grant that to the Requestor
role (since who creates the ticket becomes the requestor) But they also
want other members who have access to the same queue’s as the Requestor
to be able to see the information.

The main info they want to be able to see is ticket ID, Subject, Owner
and Status. What would be the up and downside if I add that ticket
information in the display by over-ruling the ACL with the SystemUser?
What possible other solutions can I look at? I don’t want to give all
users the SeeQueue and ShowTicket Permissions for all queue’s they can
create DependsOn tickets in. If you do that those queue’s will also be
displayed in their ‘At a glance’ view. Giving them just SeeQueue and
CreateTicket allows them to create a ticket in a different queue without
seeing further information including the DependsOn information (I just
double checked. It looks like you can see ID and Owner, but not Subject
and Status without ShowTicket).

Kind regards,

Ton Hoogstraten

Ton,

You need to change your RT_SiteConfig.pm in etc to turn off 

“StrictACL”. By turning it off, it allows users from one queue to "link"
to tickets in other Queues that they have no privileges for. Hope this
helps.

Kenn
LBNLOn 5/7/2009 11:47 PM, Hoogstraten, Ton wrote:

Hi,

I’m looking at a point of conflict that I’m having with myself and RT.
I made an option that makes it easy and quick to create a DependsOn
ticket in queues where users have SeeQueue/CreateTicket permission
for. People like to call them SubTickets here. Now the problem is if
they don’t have ShowTicket permission for the DependsOn ticket they
can’t see information like status and owner. I can grant that to the
Requestor role (since who creates the ticket becomes the requestor)
But they also want other members who have access to the same queue’s
as the Requestor to be able to see the information.

The main info they want to be able to see is ticket ID, Subject, Owner
and Status. What would be the up and downside if I add that ticket
information in the display by over-ruling the ACL with the SystemUser?
What possible other solutions can I look at? I don’t want to give all
users the SeeQueue and ShowTicket Permissions for all queue’s they can
create DependsOn tickets in. If you do that those queue’s will also be
displayed in their ‘At a glance’ view. Giving them just SeeQueue and
CreateTicket allows them to create a ticket in a different queue
without seeing further information including the DependsOn information
(I just double checked. It looks like you can see ID and Owner, but
not Subject and Status without ShowTicket).

Kind regards,

Ton Hoogstraten



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com