Hi,
We are using RT 3.8.7 and I want to allow my privileged users to save
the searches that they want. In order to do that, I granted the
following GLOBAL rights to my PRIVILEGED users:
-CreateSavedSearch
-EditSavedSearch
-LoadSavedSearches
-ShowSavedSearches
I thought that it would be enough but actually it isn’t. Some users came
to me claiming that they can save searches as members of their groups,
but they couldn’t save personal searches (as “My saved searches”). I
have done some research and I have concluded that in order to save
personal searches, I also have to grant the global “ModifySelf” right.
This behaviour is strange to me. I don’t want my users to grant
“ModifySelf” because I don’t want them to be able to change their email
addresses, but I want them to be able to save their personal searches.
Isn’t it an odd behaviour?
As an extra in case you are interested, I explain why I don’t want to
grant “ModifySelf” right: I authenticate users through apache and pam
and I get their personal information through a LDAP server, which has
their usernames, emails, and so on. Every user’s email (formed by his
nickname) has an alias, which is what I get from LDAP. Our aliases
follow some kind of standard for the whole institution, so it is easy to
know which is the alias email of a user knowing his real name. Hence, I
don’t want to allow my users to modify their nicknames and password in
RT because it wouldn’t have any effect. I also don’t want to allow them
to modify their email addresses in RT, because they would mess
everything and privileged users couldn’t “a priori” know if a particular
user is using his real email or his alias.
Hope to hear from people in Best Practical.
Best wishes,
Carlos Garc�a Montoro
| __ __ | Carlos Garc�a Montoro Ingeniero Inform�tico
|_Y/| Instituto de F�sica Corpuscular Centro Mixto CSIC - UV
|_] [/| Servicios Inform�ticos
| [] | Edificio Institutos de Investigaci�n cgarcia@ific.uv.es
|C S I C| Apartado de Correos 22085 E-46071 Valencia Tel: +34 963543706
|______| Espa�a / Spain Fax: +34 963543488
cgarcia.vcf (441 Bytes)
I forgot to say that the message that my users receive when they try to
save a search as a personal search is. If helps, it is:
Results: Can’t find a saved search to work with. Failed to create search
attribute.
Regards
Carlos Garcia Montoro wrote:
Hi,
We are using RT 3.8.7 and I want to allow my privileged users to save
the searches that they want. In order to do that, I granted the
following GLOBAL rights to my PRIVILEGED users:
-CreateSavedSearch
-EditSavedSearch
-LoadSavedSearches
-ShowSavedSearches
I thought that it would be enough but actually it isn’t. Some users came
to me claiming that they can save searches as members of their groups,
but they couldn’t save personal searches (as “My saved searches”). I
have done some research and I have concluded that in order to save
personal searches, I also have to grant the global “ModifySelf” right.
This behaviour is strange to me. I don’t want my users to grant
“ModifySelf” because I don’t want them to be able to change their email
addresses, but I want them to be able to save their personal searches.
Isn’t it an odd behaviour?
As an extra in case you are interested, I explain why I don’t want to
grant “ModifySelf” right: I authenticate users through apache and pam
and I get their personal information through a LDAP server, which has
their usernames, emails, and so on. Every user’s email (formed by his
nickname) has an alias, which is what I get from LDAP. Our aliases
follow some kind of standard for the whole institution, so it is easy to
know which is the alias email of a user knowing his real name. Hence, I
don’t want to allow my users to modify their nicknames and password in
RT because it wouldn’t have any effect. I also don’t want to allow them
to modify their email addresses in RT, because they would mess
everything and privileged users couldn’t “a priori” know if a particular
user is using his real email or his alias.
Hope to hear from people in Best Practical.
Best wishes,
Carlos Garc�a Montoro
The rt-users Archives
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com
2010 RT Training Sessions!
San Francisco, CA, USA - Feb 22 & 23
Dublin, Ireland - Mar 15 & 16
Boston, MA, USA - April 5 & 6
Washington DC, USA - Oct 25 & 26
Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
| __ __ | Carlos Garc�a Montoro Ingeniero Inform�tico
|_Y/| Instituto de F�sica Corpuscular Centro Mixto CSIC - UV
|_] [/| Servicios Inform�ticos
| [] | Edificio Institutos de Investigaci�n cgarcia@ific.uv.es
|C S I C| Apartado de Correos 22085 E-46071 Valencia Tel: +34 963543706
|______| Espa�a / Spain Fax: +34 963543488
cgarcia.vcf (441 Bytes)