Violetta,
Makes good sense to me. Question, if those requestors are NOT going
to login to RT, how are they going to “open” a ticket? If you have
“CommandByMail” set up, they could do it via Email. If not, why not have
the “Owners” of the tickets open them? I guess where I am confused is
the activity you are expecting from the requestors and owners. What we
do is:
Globally grant:
* Requestors;
o "ReplyToTicket" (so they can communicate via email to the owner)
o "SeeQueue" (so they can see what tickets are in a queue)
o "ShowTicket" (so they can SEE THEIR Ticket in the queue)
* Owners;
o "ModifyTicket" (all owners can automatically modify a ticket
they own. Keeps redundancy of this right at the queue level
down)
By Queue grant:
* Support team/group (those that work on the ticket);
o "CommentOnTicket" (anyone in the group might have an idea
that helps)
o "CreateTicket" (anyone in the group may need to create a
sub-task/child ticket)
o "OwnTicket" (anyone in the group can take/steal/own a ticket)
o "ReplyToTicket" (anyone in the group can communicate via
email on a ticket)
o "SeeQueue" (intuitively obvious)
o "ShowOutgoingEmail" (anyone in the group can see the
communication going on in a ticket)
o "ShowTicket" (anyone in the group can look at a ticket in
the queue)
o "ShowTicketComments" (same as above, only about comments)
o "StealTicket" (goes with ownership)
o "TakeTicket" (same thing as above)
o "Watch" (intuitively obvious)
* User group (all those damn requestors)
o "CreateTicket" (anyone in the group can create a ticket)
o "ReplyToTicket" (anyone in the group can communicate via
email on a ticket)
o "SeeQueue" (intuitively obvious. They have to see it to
create a ticket via Web)
o "ShowOutgoingEmail" (anyone in the group can see the
communication going on in a ticket. This could be given JUST
to the Requestor of the queue, if you do not want other
requestors seeing email in other tickets in the queue)
o "ShowTicket" (anyone in the group can look at a ticket in
the queue or jsut the requestors in the queue. see above)
o "ShowTicketComments" (same as above, only about comments.
Could keep this at the requestor level as well)
o "Watch" (intuitively obvious)
That's what we do, but our granularity of control may be different
than yours, especially if your requestors are NOT signing into RT.
I hope this helps.
Kenn
LBNLOn 5/14/2009 1:45 AM, Violetta J. Wawryk wrote:
Hi Ken,
thanks for replying.
I will try to describe it more clearly.
The RT has different Queues, let’s say Queue A and Queue B.
We don’t want the AdminCCs of queue A to know about the existents of
queue B and vice versa. This is possible because we don’t allow
“Everybody” to “Open Tickets” in the certain Queues, just the group
“AdminCCforQueueA” for queue A and group “AdminCCforQueueB” for queue B.
Otherwise they could see the Ticket in RT on the top right corner
where it says “New Ticket in” (hope you know what I mean).
But there are still Requestors for queue B that are not AdminCCs, they
will not login to the RT to look at their Tickets. Since they are more
than 100 of them, and there EMail addresses end with the same domain
name we hoped there would be the possibility of a wild card. So every
Requestor that writes to that queue and has that domainname can open a
Ticket.
I hope this makes it more clear now.
Thanks,
Violetta
Ken Crocker schrieb:
Violetta,
I can help, but it’s still not clear to me what you want. You say
you only want the Admins (I’m assuming here you mean the AdminCc
Watcher for the Queue) to “See the Queue” and then you mention
something about the users “can change it”. Change what? If you only
want AdminCcs to see the queue, how do you expect a User to see a
ticket and change it. I’m confused. I can tell you how to set the
privileges so that the USers can create tickets via Email and NOT see
the Queue, but I really do not understand what you’re looking for.
Please give me a more concise description of your Queue setup/usage
and what you want and then I can help.
Kenn
LBNL