Canned sets of rights for individuals accessing different queues?

I have been looking around and am thinking this may not really be possible,
but here goes.

I have a number of users, number of queues and three different access
levels View Only, Developer and Product Manager. I am trying to figure out
a way to specify the set of rights each of the access levels only once,
then somehow associate a user and queue with each set of rights, for
example.

user fred has developer rights to the testa queue, but only view only to
testb.

It looks like I could do this by creating a bunch of groups like
testa_developer and assigning the user to all the individual groups, but
that means I have to set up individual rights for each of those groups on
the various queues, which takes a while to set up and is hard to maintain.

In the past I set up global rights for groups and made a hack that pulls my
users from my user database and gets which rights each should have, then
copies those rights at the user level onto the queue directly. This never
seemed very clean to me but was the only solution I could come up with. I’m
upgrading my system now and was hoping maybe I could find a better way, but
I’m not finding anything.

Anyone have any ideas? I’m on 3.8.8

Ant,

We have the same levels of use here, but over 120 support Queues to do it.
We follow the following rules:

  1. No user gets individual privileges. They must be members in a group with
    "like needs" for access to a Queue. That way, as rights maintenance issues
    come up for a Queue, we only have to deal with the group as a whole, not a
    bunch of individual users. Way too much redundant work with individuals.
  2. We put the Product Manager in the “AdminCc” Queue watcher role. No one
    else
    gets that role for that Queue. We grant this role the rights to admin
    users/watchers and a lot of other stuff for that Queue.
  3. We name these groups for the Queue. ie. “xxxx-users” where “xxxx” is the
    name of the Queue and the “Users” are those people that can create and view
    their own tickets (only), but not modify them, unless it is a Custom Field
    created just for them. “XXXX-Support” or “XXXX-Texh-Support” are for the
    developers. They get more rights that “Users”.

I have a “Rights Guide” that we use for setting up Global/Queue rights for
groups and roles. If you feel you have an environment with the kind of
development support like ours, I can pass that on to you, if you are
interested.

Kenn
LBNLOn Wed, Oct 6, 2010 at 12:43 PM, ant ant@suave.net wrote:

I have been looking around and am thinking this may not really be possible,
but here goes.

I have a number of users, number of queues and three different access
levels View Only, Developer and Product Manager. I am trying to figure out
a way to specify the set of rights each of the access levels only once,
then somehow associate a user and queue with each set of rights, for
example.

user fred has developer rights to the testa queue, but only view only to
testb.

It looks like I could do this by creating a bunch of groups like
testa_developer and assigning the user to all the individual groups, but
that means I have to set up individual rights for each of those groups on
the various queues, which takes a while to set up and is hard to maintain.

In the past I set up global rights for groups and made a hack that pulls my
users from my user database and gets which rights each should have, then
copies those rights at the user level onto the queue directly. This never
seemed very clean to me but was the only solution I could come up with. I’m
upgrading my system now and was hoping maybe I could find a better way, but
I’m not finding anything.

Anyone have any ideas? I’m on 3.8.8

RT Training in Washington DC, USA on Oct 25 & 26 2010
Last one this year – Learn how to get the most out of RT!