I have a new install of Request Tracker 4.0.7 and am working through the very granular Rights structure. I’m planning on implementing a number of queues, some of which will be managed by IT personnel in departments other than my own.
I’m wondering how people configure their Role (AdminCC, Cc, Owner and Requestor) rights - specifically whether or not they configure them on a per-queue basis or globally? To me, it makes conceptual sense to configure Role rights globally because regardless of what queue someone is working in, Requestors will need ReplyToTicket and ShowTicket and so on for each Role. Is there any obvious drawback to this approach? It seems unnecessarily tedious to assign the same Rights to each Role for each Queue.
I would appreciate the input from someone more experienced with Request Tracker.
Thank you.
Kevin Elliott
Networking Specialist II
Alaska Department of Revenue, ASD-IT
(907) 465-2314
I have a new install of Request Tracker 4.0.7 and am working through the
very granular Rights structure. I�m planning on implementing a number of
queues, some of which will be managed by IT personnel in departments
other than my own.
I�m wondering how people configure their Role (AdminCC, Cc, Owner and
Requestor) rights � specifically whether or not they configure them on a
per-queue basis or globally? To me, it makes conceptual sense to
configure Role rights globally because regardless of what queue someone
is working in, Requestors will need ReplyToTicket and ShowTicket and so
on for each Role. Is there any obvious drawback to this approach? It
seems unnecessarily tedious to assign the same Rights to each Role for
each Queue.
I would appreciate the input from someone more experienced with Request
Tracker.
Thank you.
This is precisely how we do those roles.
Requestor & Cc:
AdminCc:
- CommentOnTicket
- ReplyToTicket
- ShowTicket
- ShowTicketComments
As for owner, they’ll already have rights in the queue by virtue of
being a worker in it. At least in my setup they do. It seems to work
pretty well for giving permissions to users that have a vested interest
in a given ticket, but not having specific permissions in the queue.
-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-
bounces@lists.bestpractical.com] On Behalf Of Tim Wiley
Sent: Thursday, July 11, 2013 1:50 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Configure Role Rights Globally?
I have a new install of Request Tracker 4.0.7 and am working through
the very granular Rights structure. I’m planning on implementing a
number of queues, some of which will be managed by IT personnel in
departments other than my own.
I’m wondering how people configure their Role (AdminCC, Cc, Owner and
Requestor) rights - specifically whether or not they configure them on
a per-queue basis or globally? To me, it makes conceptual sense to
configure Role rights globally because regardless of what queue
someone is working in, Requestors will need ReplyToTicket and
ShowTicket and so on for each Role. Is there any obvious drawback to
this approach? It seems unnecessarily tedious to assign the same
Rights to each Role for each Queue.
I would appreciate the input from someone more experienced with
Request Tracker.
Thank you.
This is precisely how we do those roles.
Requestor & Cc:
AdminCc:
- CommentOnTicket
- ReplyToTicket
- ShowTicket
- ShowTicketComments
As for owner, they’ll already have rights in the queue by virtue of being a
worker in it. At least in my setup they do. It seems to work pretty well for
giving permissions to users that have a vested interest in a given ticket, but
not having specific permissions in the queue.
Excellent. That makes sense. Do you handle Rights for the builtin Systems groups (Everyone, Unprivileged, Privileged) the same way? Again, it doesn’t make sense to me to configure these on a queue by queue basis.
Kevin Elliott
Networking Specialist II
Alaska Department of Revenue, ASD-IT
(907) 465-2314
Excellent. That makes sense. Do you handle Rights for the builtin Systems groups (Everyone, Unprivileged, Privileged) the same way? Again, it doesn’t make sense to me to configure these on a queue by queue basis.
Sure, if I want to give blanket permissions to any of those groups to
all of my queues, however in my setup, I don’t. Most of my queues have
a group or set of groups with permissions to it. There are a couple of
exceptions (Help Desk, etc.) that I give Everyone permissions to, but I
do that on the queue level so I don’t open up the permissions on the
specific queues that don’t need to be public. If all of your queues are
public, then I’d set them globally. It all just depends on how open you
want ALL of your queues to be.