Help - RTFM bugs with Rights?

RT Users
1

I installed RTFM-2.0.4.tar.gz on top of RT 3.2.2. Either I am missing
something simple, or there are bugs in RTFM with setting rights in RTFM. We
love the product, but this situation makes it difficult to use it for a
large population of general users. We really would love to identify fixes.

  1. I started with a user who had no ACL’s for RTFM at all. I found that I
    do the following, none of which I think should be possible for a user with
    no ACL’s:
  • see article title and description from overview
  • select article from overview
  • see article history
  • modify article title and description
  • see custom fields
  • modify custom field descriptions, fields, values, etc.
  1. By adding ACL’s individually so that only one ACL was present at any
    time, the following ACL’s made no changes in rights from what was present
    above in #1
  • AdminClass
  • AdminValues
  • CreateArticle
  • ModifyArticle
  • ShowArticle
  • ShowArticleHistory
  • ShowCustomField
    Attached is a spreadsheet mapping rights to ACL’s:
    <<rtfm_privs_chart.xls>>
    Can these problems be rectified so that we can truly restrict which rights
    general users have? THANKS!

rtfm_privs_chart.xls (19 KB)

2

What RT rights did your user have? Was he, perhaps, a SuperUser?On Oct 19, 2004, at 12:18 PM, Hanson, Dave wrote:

I installed RTFM-2.0.4.tar.gz on top of RT 3.2.2. Either I am missing
something simple, or there are bugs in RTFM with setting rights in
RTFM. We love the product, but this situation makes it difficult to
use it for a large population of general users. We really would love
to identify fixes.

  1. I started with a user who had no ACL’s for RTFM at all. I found
    that I do the following, none of which I think should be possible for
    a user with no ACL’s:
    ◦ see article title and description from overview
    ◦ select article from overview
    ◦ see article history
    ◦ modify article title and description
    ◦ see custom fields
    ◦ modify custom field descriptions, fields, values, etc.

  2. By adding ACL’s individually so that only one ACL was present at
    any time, the following ACL’s made no changes in rights from what was
    present above in #1
    ◦ AdminClass
    ◦ AdminValues
    ◦ CreateArticle
    ◦ ModifyArticle
    ◦ ShowArticle
    ◦ ShowArticleHistory
    ◦ ShowCustomField

Attached is a spreadsheet mapping rights to ACL’s:
<<rtfm_privs_chart.xls>>
Can these problems be rectified so that we can truly restrict which
rights general users have? THANKS!
<rtfm_privs_chart.xls>_______________________________________________
The rt-users Archives

Be sure to check out the RT wiki at http://wiki.bestpractical.com