We are using RT 3.8.7 and I want to allow my privileged users to save
the searches that they want. In order to do that, I granted the
following GLOBAL rights to my PRIVILEGED users:
I thought that it would be enough but actually it isn’t. Some users came
to me claiming that they can save searches as members of their groups,
but they couldn’t save personal searches (as “My saved searches”). I
have done some research and I have concluded that in order to save
personal searches, I also have to grant the global “ModifySelf” right.
This behaviour is strange to me. I don’t want my users to grant
"ModifySelf" because I don’t want them to be able to change their email
addresses, but I want them to be able to save their personal searches.
Isn’t it an odd behaviour?
As an extra in case you are interested, I explain why I don’t want to
grant “ModifySelf” right: I authenticate users through apache and pam
and I get their personal information through a LDAP server, which has
their usernames, emails, and so on. Every user’s email (formed by his
nickname) has an alias, which is what I get from LDAP. Our aliases
follow some kind of standard for the whole institution, so it is easy to
know which is the alias email of a user knowing his real name. Hence, I
don’t want to allow my users to modify their nicknames and password in
RT because it wouldn’t have any effect. I also don’t want to allow them
to modify their email addresses in RT, because they would mess
everything and privileged users couldn’t “a priori” know if a particular
user is using his real email or his alias.
Hope to hear from people in Best Practical.
Carlos Garcï¿½a Montoro
| __ __ | Carlos Garcï¿½a Montoro Ingeniero Informï¿½tico
|_Y/| Instituto de Fï¿½sica Corpuscular Centro Mixto CSIC - UV
|_] [/| Servicios Informï¿½ticos
|  | Edificio Institutos de Investigaciï¿½n firstname.lastname@example.org
|C S I C| Apartado de Correos 22085 E-46071 Valencia Tel: +34 963543706
|______| Espaï¿½a / Spain Fax: +34 963543488
cgarcia.vcf (441 Bytes)