Initial Rights

I just installed RT 3.2.2 for the first time and I don’t know if I’m
having an issue or not. I spent a long time getting SQLite to work
(mostly permissions issues), but now it seems to.

However, there are no rights provided to anything by default. That is,
every screen I go to that lists rights shows nothing other than “No
Rights Granted”. Is this correct? Am I required to manually assign
things as menial as “CreateTicket”? Or were there supposed to be
default permissions that didn’t get applied?

Thanks,

-Bitt

I just installed RT 3.2.2 for the first time and I don’t know if I’m
having an issue or not. I spent a long time getting SQLite to work
(mostly permissions issues), but now it seems to.

However, there are no rights provided to anything by default. That is,
every screen I go to that lists rights shows nothing other than “No
Rights Granted”. Is this correct? Am I required to manually assign
things as menial as “CreateTicket”? Or were there supposed to be
default permissions that didn’t get applied?

Thanks,

-Bitt

How is RT supposed to know which rights are appropriate for
your organization? Yes, you have to grant the rights.

Todd Chapman wrote:

Am I required to manually assign things as menial as
“CreateTicket”? Or were there supposed to be default permissions
that didn’t get applied?

How is RT supposed to know which rights are appropriate for your
organization? Yes, you have to grant the rights.

Well, obviously. I’d have thought there might have been some very basic
ones, though, at least for the Privileged group.

As long as I’m not recreating something that should already have been
done, that’s fine.

Thanks for the quick response.

-Bitt

William Faulk wrote:

Well, obviously. I’d have thought there might have been some very basic
ones, though, at least for the Privileged group.

I think you might not understand what the “privilaged” and
“unprivilaged” groups mean in RT. “Privilaged” users are not users with
admin or special rights, they are mearly users that can be assigned
rights and can be members of groups. “Unprivilaged” users cannot be
assigned rights directly (though they can inherit rights assigned to
Everyone, Unprivilaged, and Requestor groups) or be a member of a user
defined group.

Joby Walker
C&C Computer Operations Software Support Group

William Faulk wrote:

Well, obviously. I’d have thought there might have been some very basic
ones, though, at least for the Privileged group.

I think you might not understand what the “privilaged” and
“unprivilaged” groups mean in RT. “Privilaged” users are not users with
admin or special rights, they are mearly users that can be assigned
rights and can be members of groups. “Unprivilaged” users cannot be
assigned rights directly (though they can inherit rights assigned to
Everyone, Unprivilaged, and Requestor groups) or be a member of a user
defined group.

I’d suggest, for RT4 maybe?, that these groups be renamed “Registered users” and
“Unregistered users”, as this seems to more clearly reflect their provenance.

Cheers,
– jra
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system adminstrator.  Or two.  --me

Learning how rights work, and assigning them appropriately, is the first
and most important task of learning to be an RT admin :slight_smile:

But it’s not so bad. As a rough start, you can use Configuration,
Global, Group Rights to give all privileged users a set of starting
rights. That will get you up and running. I recommend:

CommentOnTicket
CreateTicket
EditSavedSearches
ModifySelf
ModifyTicket
OwnTicket
ReplyToTicket
SeeQueue
ShowOutgoingEmail
ShowSavedSearches
ShowTicket
ShowTicketComments
StealTicket
TakeTicket
Watch
WatchAsAdminCc

As you develop your RT installation, you’ll probably want to move away
from Global rights and grant rights on a queue-by-queue or
group-by-group basis. Or both. That way you can compartmentalize your
privileged users into different groups so they don’t step on each
others’ work.

-Bitt

Rick Russell
For computer help, call xHELP (x4357 or 713-348-4357)
OpenPGP/GnuPG Public Key at ldap://certificate.rice.edu
761D 1C20 6428 580F BD98 F5E5 5C8C 56CA C7CB B669
Helpdesk Supervisor, Client Services
IT/Academic & Research Computing
Rice University
Voice: 713.348.5267 Fax: 713.348.6099

Learning how rights work, and assigning them appropriately, is the first
and most important task of learning to be an RT admin :slight_smile:

You bet. But some hints aren’t a bad thing, and you provide them
below.

But it’s not so bad. As a rough start, you can use Configuration,
Global, Group Rights to give all privileged users a set of starting
rights. That will get you up and running. I recommend:

CommentOnTicket
CreateTicket
EditSavedSearches
ModifySelf
ModifyTicket
OwnTicket
ReplyToTicket
SeeQueue
ShowOutgoingEmail
ShowSavedSearches
ShowTicket
ShowTicketComments
StealTicket
TakeTicket
Watch
WatchAsAdminCc

And here, you sort of suggest inadvertantly something that’s been
running through my head: I think it would be useful if there were a way
to save ‘permission slips’: named groupings of permissions that you
commonly apply to people in various categories.

Group permissions can do some of this, but I suspect not all the things
that the more general approach would make possible.

Being able to subtract permissions would be a help, as well.

Cheers,
– jra
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system adminstrator.  Or two.  --me