Open tickets for certain domain-email-adresses

Hi,

we have a queue in our RT that nobody should see except the
Queue-Admins. But we need about 100 Users to open Tickets via email in
that queue, their email-addresses have all the same domain name.

Since the Users can change it would be to much hassle to look through
all the users again and again to get them their own accounts and put
them in a certain group.

I don’t want to give “Everybody” the right to “open a Ticket” because
then all other Users who can log in the RT could open a Ticket in that
Queue via the Quick Ticket opening thing on the top right corner.

Has anybody an idea to solve this problem? I couldn’t find the answer
anywhere so far.

Thanks and regards,

Violetta

________________________________ creating IT solutions
Violetta J. Wawryk science + computing ag
IT-Service Hagellocher Weg 73
phone +49 7071 9457 282 72070 Tuebingen, Germany
fax +49 7071 9457 211 www.science-computing.de
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier,
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Michel Lepert
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196

Violetta,

I can help, but it's still not clear to me what you want. You say 

you only want the Admins (I’m assuming here you mean the AdminCc Watcher
for the Queue) to “See the Queue” and then you mention something about
the users “can change it”. Change what? If you only want AdminCcs to see
the queue, how do you expect a User to see a ticket and change it. I’m
confused. I can tell you how to set the privileges so that the USers can
create tickets via Email and NOT see the Queue, but I really do not
understand what you’re looking for. Please give me a more concise
description of your Queue setup/usage and what you want and then I can
help.

Kenn
LBNLOn 5/7/2009 1:40 AM, Violetta J. Wawryk wrote:

Hi,

we have a queue in our RT that nobody should see except the
Queue-Admins. But we need about 100 Users to open Tickets via email in
that queue, their email-addresses have all the same domain name.

Since the Users can change it would be to much hassle to look through
all the users again and again to get them their own accounts and put
them in a certain group.

I don’t want to give “Everybody” the right to “open a Ticket” because
then all other Users who can log in the RT could open a Ticket in that
Queue via the Quick Ticket opening thing on the top right corner.

Has anybody an idea to solve this problem? I couldn’t find the answer
anywhere so far.

Thanks and regards,

Violetta

Hi Ken,

thanks for replying.

I will try to describe it more clearly.

The RT has different Queues, let’s say Queue A and Queue B.

We don’t want the AdminCCs of queue A to know about the existents of
queue B and vice versa. This is possible because we don’t allow
"Everybody" to “Open Tickets” in the certain Queues, just the group
"AdminCCforQueueA" for queue A and group “AdminCCforQueueB” for queue B.
Otherwise they could see the Ticket in RT on the top right corner where
it says “New Ticket in” (hope you know what I mean).

But there are still Requestors for queue B that are not AdminCCs, they
will not login to the RT to look at their Tickets. Since they are more
than 100 of them, and there EMail addresses end with the same domain
name we hoped there would be the possibility of a wild card. So every
Requestor that writes to that queue and has that domainname can open a
Ticket.

I hope this makes it more clear now.

Thanks,
Violetta

Ken Crocker schrieb:

Violetta,

I can help, but it’s still not clear to me what you want. You say you
only want the Admins (I’m assuming here you mean the AdminCc Watcher for
the Queue) to “See the Queue” and then you mention something about the
users “can change it”. Change what? If you only want AdminCcs to see the
queue, how do you expect a User to see a ticket and change it. I’m
confused. I can tell you how to set the privileges so that the USers can
create tickets via Email and NOT see the Queue, but I really do not
understand what you’re looking for. Please give me a more concise
description of your Queue setup/usage and what you want and then I can
help.

Kenn
LBNL
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier,
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Michel Lepert
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196

Violetta,

Makes good sense to me. Question, if those requestors are NOT going 

to login to RT, how are they going to “open” a ticket? If you have
"CommandByMail" set up, they could do it via Email. If not, why not have
the “Owners” of the tickets open them? I guess where I am confused is
the activity you are expecting from the requestors and owners. What we
do is:

Globally grant:

* Requestors;
      o "ReplyToTicket" (so they can communicate via email to the owner)
      o "SeeQueue" (so they can see what tickets are in a queue)
      o "ShowTicket" (so they can SEE THEIR Ticket in the queue)
* Owners;
      o "ModifyTicket" (all owners can automatically modify a ticket
        they own. Keeps redundancy of this right at the queue level
        down)

By Queue grant:

* Support team/group (those that work on the ticket);
      o "CommentOnTicket" (anyone in the group might have an idea
        that helps)
      o "CreateTicket" (anyone in the group may need to create a
        sub-task/child ticket)
      o "OwnTicket" (anyone in the group can take/steal/own a ticket)
      o "ReplyToTicket" (anyone in the group can communicate via
        email on a ticket)
      o "SeeQueue" (intuitively obvious)
      o "ShowOutgoingEmail" (anyone in the group can see the
        communication going on in a ticket)
      o "ShowTicket" (anyone in the group can look at a ticket in
        the queue)
      o "ShowTicketComments" (same as above, only about comments)
      o "StealTicket" (goes with ownership)
      o "TakeTicket" (same thing as above)
      o "Watch" (intuitively obvious)
* User group (all those damn requestors)
      o "CreateTicket" (anyone in the group can create a ticket)
      o "ReplyToTicket" (anyone in the group can communicate via
        email on a ticket)
      o "SeeQueue" (intuitively obvious. They have to see it to
        create a ticket via Web)
      o "ShowOutgoingEmail" (anyone in the group can see the
        communication going on in a ticket. This could be given JUST
        to the Requestor of the queue, if you do not want other
        requestors seeing email in other tickets in the queue)
      o "ShowTicket" (anyone in the group can look at a ticket in
        the queue or jsut the requestors in the queue. see above)
      o "ShowTicketComments" (same as above, only about comments.
        Could keep this at the requestor level as well)
      o "Watch" (intuitively obvious)


That's what we do, but our granularity of control may be different 

than yours, especially if your requestors are NOT signing into RT.

I hope this helps.

Kenn
LBNLOn 5/14/2009 1:45 AM, Violetta J. Wawryk wrote:

Hi Ken,

thanks for replying.

I will try to describe it more clearly.

The RT has different Queues, let’s say Queue A and Queue B.

We don’t want the AdminCCs of queue A to know about the existents of
queue B and vice versa. This is possible because we don’t allow
"Everybody" to “Open Tickets” in the certain Queues, just the group
"AdminCCforQueueA" for queue A and group “AdminCCforQueueB” for queue B.
Otherwise they could see the Ticket in RT on the top right corner
where it says “New Ticket in” (hope you know what I mean).

But there are still Requestors for queue B that are not AdminCCs, they
will not login to the RT to look at their Tickets. Since they are more
than 100 of them, and there EMail addresses end with the same domain
name we hoped there would be the possibility of a wild card. So every
Requestor that writes to that queue and has that domainname can open a
Ticket.

I hope this makes it more clear now.

Thanks,
Violetta

Ken Crocker schrieb:

Violetta,

I can help, but it’s still not clear to me what you want. You say
you only want the Admins (I’m assuming here you mean the AdminCc
Watcher for the Queue) to “See the Queue” and then you mention
something about the users “can change it”. Change what? If you only
want AdminCcs to see the queue, how do you expect a User to see a
ticket and change it. I’m confused. I can tell you how to set the
privileges so that the USers can create tickets via Email and NOT see
the Queue, but I really do not understand what you’re looking for.
Please give me a more concise description of your Queue setup/usage
and what you want and then I can help.

Kenn
LBNL

Hi Ken,

  • User group (all those damn requestors)
    o “CreateTicket” (anyone in the group can create a ticket)

That exactly is the Problem. How can I define who is in that Usergroup
without adding manually all that 100 requestors with their emailadress?

Regards,

Violetta

Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier,
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Michel Lepert
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196

Violetta,

At the moment, I don't know. I'm not sure there is an easy way to do 

this. You would have to identify a condition that would “catch” these
particular requestors (maybe a domain name from their email, or
something like that) and then create some action code that would add
them to a defined group. I have a different problem where I want to
populate a CF with UserIDs of new additions to a specific group. I
haven’t had the time to sit down and analyze the Transaction data to get
my condition info, but I think it is doable with a lot of DB research on
the Transaction and Groups Tables. You may need to get some real good
perl help on this and I’m only a beginner perl guy. Sorry.

Kenn
LBNLOn 5/15/2009 7:22 AM, Violetta J. Wawryk wrote:

Hi Ken,

  • User group (all those damn requestors)
    o “CreateTicket” (anyone in the group can create a ticket)

That exactly is the Problem. How can I define who is in that Usergroup
without adding manually all that 100 requestors with their emailadress?

Regards,

Violetta