Group Rights

Question about group rights:

I’ve recently set up RT 3.0.10 for use as a company helpdesk system.
I’m having trouble assigning rights to groups. If I assign an
individual rights, such as SeeQueue and ShowTicket, the user can see
tickets in the queue just fine. The trouble is, when I assign the same
rights to a group the users in that group cannot see the queue or
tickets in that queue. Am I doing something wrong? If more info about
the setup is needed please let me know and I’ll be happy to provide it.

thanks.

-curly

Charlie Benatti
Systems Architect * YellowBrix, Inc.
curly@yellowbrix.com, 703.519.1050

Make sure the group is not disabled.

I hate it when I ask a question and the answer is something obvious.

Thanks.

-curly

Charlie Benatti
Systems Architect * YellowBrix, Inc.
curly@yellowbrix.com, 703.519.1050

All,

Are group rights Additive? We have a Group that contains other groups with
certain granted rights, we would like to give one of the included groups
the ability to manage users.

Will RT grant all the rights allowed in the Containing group as well as
those assigned directly to the group?

Regards,

Ron Yacketta

Greetings Ron:

I’m relatively new with RT but have progressed a lot and have already
incorporated it into a live production environment.

In my experience, the scenario of “Group Additives”, as you put it, or
assigning a “group” within a “group”, is not necessarily the best
business practice.

I like to keep things well organized and have separate groups for
different unique permissions.

In theory your concept may work, but it is not advisable in my opinion, coming
from a security perspective, in the name of keeping things organized and
secure.

Cheers!
Reza.

From my brief inspection of code a while back, this is how I saw it organized:

  1. Every created user gets linked to a group newly created just for them.
  2. Groups can only hold other groups.
  3. This means that there does not need to be special code to determine if a group member is a group or a user.
  4. Rights are additive.
  5. Calculate as follows:
    A) Find the linked group of a member.
    B) Set rights to the rights of that group.
    C) For each group that this group is a member, do the following:
      i) Add the rights of this enclosing group
      ii) Recurse for all groups enclosing the enclosing group
  6. Resulting rights are what that user has.
  7. Perform similar calculations for user/queue or other combination

From other tidbits left by the RT folks, making code to mask off rights is not something they want to do, as it makes things much more complicated.

/jeff
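
Added example (not part of the original thread and not RT's own code): a small Python model of the additive calculation described in the message above, with every user represented by its own group. The group names and memberships are constructed sample data, and treating a disabled group as contributing nothing is a modelling assumption based on the earlier reply in this thread.

```python
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    rights: set = field(default_factory=set)       # rights granted directly to this group
    member_of: list = field(default_factory=list)  # enclosing groups
    disabled: bool = False


def effective_rights(group, _seen=None):
    """Union of a group's own rights and those of every enclosing group.

    There is no masking step: an enclosing group can only add rights.
    Assumption: a disabled group is skipped entirely, so nothing is
    inherited from it or through it.
    """
    seen = set() if _seen is None else _seen
    if group.disabled or group.name in seen:   # 'seen' guards against membership cycles
        return set()
    seen.add(group.name)
    rights = set(group.rights)
    for parent in group.member_of:
        rights |= effective_rights(parent, seen)
    return rights


def build_sample():
    """Constructed sample: a containing group, two included groups, two users."""
    staff = Group("Staff", {"SeeQueue", "ShowTicket"})
    helpdesk = Group("Helpdesk", {"ModifyTicket"}, member_of=[staff])
    user_admins = Group("UserAdmins", {"AdminUsers"}, member_of=[staff])
    # Each user is modelled as a group created just for them.
    alice = Group("user:alice", member_of=[helpdesk])
    bob = Group("user:bob", member_of=[helpdesk, user_admins])
    return staff, helpdesk, user_admins, alice, bob


if __name__ == "__main__":
    staff, helpdesk, user_admins, alice, bob = build_sample()
    print("alice:", sorted(effective_rights(alice)))
    print("bob:  ", sorted(effective_rights(bob)))
    helpdesk.disabled = True
    print("alice after Helpdesk is disabled:", sorted(effective_rights(alice)))
```

Because rights only accumulate, auditing what a user can do means walking every enclosing group, not just the groups the user was added to directly.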