Help with RT permissions


#1

Hi All,

I’m trying to configure permissions in RT so that everyone can see
every queue but only see those tickets that they are listed as
Requestor or Owner on.

If I assign the rights SeeQueue and ShowTicket to Privileged, they
can see every queue and every ticket on the system. If I assign these
same rights to Requestor (and remove them from Privileged), they
can’t see any of the queues and can see their tickets only if they
search for them.

Ideally, I’d like everyone to be able to see every queue listed in
the “Quick search” section of “RT at a glance” but only be able to
see tickets that they Own or Requested.

Can anyone offer any help for achieving this?

~ Tom


#2

Hi Tom,

I’m not sure if it works but try to assign SeeQueue to privileged and
SeeTicket for requestors and owners.

Ben

Tom Smith wrote:


#3

Tom,

Try this:

Privileged: CreateSavedSearch, EditSavedSearch, LoadSavedSearch,
ModifySelf, ShowSavedSearch, SeeQueue, ReplyToTicket.

Owner: CommentOnTicket, CreateTicket, ModifyCustomField, ModifyTicket,
SeeCustomField, ShowOutgoingEmail, ShowTicket, ShowTicketComments,
TakeTicket (maybe StealTicket if you want to allow that).

Requestor: SeeCustomField, ShowOutgoingEmail, ShowTicket,
ShowTicketComments (maybe*).

We usually put most of the Owners' rights in a support group (which
the owner is in) and set aside ModifyTicket for the owner only. But we
have over 150 queues and many, many support groups so we don’t want a
lot of “global” rights out there waiting to be abused. We grant most of
the rights to groups.

What I gave you will allow ANY Privileged user to see all queues and
create/edit/save queries on any queue/ticket they have the “ShowTicket”
right to. The Owner will be able to do all that PLUS he can modify all
parts of the ticket (the ability to modify a custom field is NOT
included in the “ModifyTicket” right). Requestors will be able to see
ALL parts of a ticket (“ShowTicket” right does NOT include the
“ShowOutgoingEmail” or “ShowCustomField” or “ShowComments” rights).

Hope this helps.

Kenn
LBNL

On 6/5/2008 5:16 PM, Tom Smith wrote:



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


#4

Thank you for the response Ben.

I did try that but it didn’t work–the users were unable to see any
queues on the “RT at a glance” page.

On Jun 6, 2008, at 12:19 AM, Benjamin Weser wrote:



#5

Here is the logic. To be a requestor, a user has to request something, but to
do that he should be able to see a queue. So it’s strange to grant the
SeeQueue right to Requestor roles.

The truth is that we even don’t check user’s relations with tickets
when we check rights on queues.

Best regards, Ruslan.
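
The behaviour described in the posts above, as an added example that is not part of the thread and is not RT's code: a simplified Python model in which every grant is global. The names `Ticket`, `Acl`, `visible` and `demo` and the sample users are assumptions made for illustration.

```python
# Simplified model of the rights behaviour described in this thread.
# Not RT's code: every grant is treated as global, names follow the posts.
from dataclasses import dataclass, field

@dataclass
class Ticket:
    requestors: set = field(default_factory=set)
    owner: str = ""

    def roles_of(self, user):
        roles = {"Requestor"} if user in self.requestors else set()
        if user == self.owner:
            roles.add("Owner")
        return roles

class Acl:
    def __init__(self, privileged):
        self.privileged = set(privileged)   # members of the Privileged group
        self.grants = set()                 # (principal, right) pairs

    def grant(self, principal, *rights):
        self.grants |= {(principal, r) for r in rights}

    def has_right(self, user, right, ticket=None):
        principals = {"Privileged"} if user in self.privileged else set()
        # Roles exist only relative to a ticket. A queue-level check has no
        # ticket (ticket=None), so Requestor/Owner grants never match there.
        if ticket is not None:
            principals |= ticket.roles_of(user)
        return any((p, right) in self.grants for p in principals)

# Constructed sample data: two tickets; alice and bob are Privileged users.
TICKETS = {"t1": Ticket({"alice"}, "bob"), "t2": Ticket({"carol"}, "dave")}

def visible(acl, user):
    """Ticket ids on which `user` passes the ShowTicket check."""
    return sorted(t for t, obj in TICKETS.items()
                  if acl.has_right(user, "ShowTicket", obj))

def demo(show_ticket_to):
    """SeeQueue goes to Privileged; ShowTicket goes to the given principals."""
    acl = Acl({"alice", "bob"})
    acl.grant("Privileged", "SeeQueue")
    for principal in show_ticket_to:
        acl.grant(principal, "ShowTicket")
    return acl

if __name__ == "__main__":
    print(visible(demo(["Privileged"]), "alice"))          # every ticket
    print(visible(demo(["Requestor", "Owner"]), "alice"))  # own tickets only
```
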


#6

Thank you for the reply, Ruslan. :slight_smile:

What I have tried to do is give Privileged SeeQueue and Requestor
ShowTicket. I thought that if I did this, everyone who has “Let this
user be granted rights” would be able to see every queue and that
Requestors would only be able to see their own tickets.

This logic works except that the queues will not display in “Quick
search”.

For example, if a user logs in who has these rights and tickets that
they are listed as the Requestor of, they cannot see any queues in
“Quick search”–even if they click Edit, there are no queues listed
to be selected. If the same user, however, goes to Simple Search and
types in their email address, their tickets appear and they can view
them–the query executed is “( Requestor LIKE ‘name@domain.tld’ )”

Are there any fallacies in the way that I’m thinking about this?

On Jun 7, 2008, at 9:49 AM, Ruslan Zakirov wrote:



#7

Tom,

In addition to "SeeQueue", you have to grant "CreateTicket". The two
work hand-in-hand for WebUI.

Kenn
LBNL

On 6/8/2008 10:51 PM, Tom Smith wrote:
