I’m in the process of locking down end-user permissions in our RT install. We want it set up so that users can only do Reply, and Admins can use Comment and Reply. At present, my “end user” can’t see a Comment in a ticket, or an attachment made with a Comment. However, if the user emails the Comment address or uses the Comment in the Action drop-down in the ticket the entry gets made. The proper visibility of the resulting Comment is correct. AFAIK, there are no global permissions for anything (I’m doing it al at the queue level for each queue).
Everyone, Privileged, Unprivileged all have no permissions
End User perms for queue: CreateTicket, SeeQueue
Requestor perms for queue: ReplyToTicket, SeeCustomField, SeeQueue, ShowTicket, ModifyCustomField, ModifyTicket
Did I overlook something?
Stephen J. Cena
Supervisor/Systems Administrator - MIS/IT Dept
Quality Vision International
850 Hudson Ave
Rochester,NY 14620
Phone: 585-544-0450 x300
Please report email problems to: postmaster@qvii.commailto:postmaster@qvii.com
QVII MIS/IT Dept - We do what we must because we can.
“Thank you for helping us help you help us all.”
I believe that a user will unconditionally have commenting ability if they
also have the ModifyTicket right, regardless of the state of their
CommentOnTicket right.
You might be able to swap out ModifyTicket and use some finer-grained
rights in its place, depending on what modifications end users actually
need to make.On 13 February 2015 at 04:06, Cena, Stephen (ext. 300) SJC@qvii.com wrote:
I’m in the process of locking down end-user permissions in our RT
install. We want it set up so that users can only do Reply, and Admins can
use Comment and Reply. At present, my “end user” can’t see a Comment in a
ticket, or an attachment made with a Comment. However, if the user emails
the Comment address or uses the Comment in the Action drop-down in the
ticket the entry gets made. The proper visibility of the resulting Comment
is correct. AFAIK, there are no global permissions for anything (I’m doing
it al at the queue level for each queue).
Everyone, Privileged, Unprivileged all have no permissions
End User perms for queue: CreateTicket, SeeQueue
Requestor perms for queue: ReplyToTicket, SeeCustomField, SeeQueue,
ShowTicket, ModifyCustomField, ModifyTicket
Did I overlook something?
Stephen J. Cena
Supervisor/Systems Administrator - MIS/IT Dept
Quality Vision International
850 Hudson Ave
Rochester,NY 14620
Phone: 585-544-0450 x300
Please report email problems to: postmaster@qvii.com
QVII MIS/IT Dept - We do what we must because we can.
“Thank you for helping us help you help us all.”
Hi,
You might be able to swap out ModifyTicket and use some
finer-grained rights in its place, depending on what modifications
end users actually need to make.
what are the equivalent (separate) rights for ModifyTicket?
regards
DannyFrom: rt-users [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Alex Peters
Sent: Friday, February 13, 2015 1:11 AM
To: Cena, Stephen (ext. 300)
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Prevent users from making Comments on tickets
I believe that a user will unconditionally have commenting ability if they also have the ModifyTicket right, regardless of the state of their CommentOnTicket right.
You might be able to swap out ModifyTicket and use some finer-grained rights in its place, depending on what modifications end users actually need to make.
smime.p7s (2.23 KB)
ModifyTicket is not a strict combination of other rights. I believe that
without ModifyTicket, you must experiment to determine which rights provide
the correct behaviour for your needs.On 13 February 2015 at 17:52, Daniel Schwager Daniel.Schwager@dtnet.de wrote:
Hi,
You might be able to swap out ModifyTicket and use some
finer-grained rights in its place, depending on what modifications
end users actually need to make.
what are the equivalent (separate) rights for ModifyTicket?
regards
Danny
From*:* rt-users [mailto:rt-users-bounces@lists.bestpractical.com] *On
Behalf Of *Alex Peters
Sent: Friday, February 13, 2015 1:11 AM
To: Cena, Stephen (ext. 300)
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Prevent users from making Comments on tickets
I believe that a user will unconditionally have commenting ability if they
also have the ModifyTicket right, regardless of the state of their
CommentOnTicket right.
You might be able to swap out ModifyTicket and use some finer-grained
rights in its place, depending on what modifications end users actually
need to make.
On 13 February 2015 at 04:06, Cena, Stephen (ext. 300) SJC@qvii.com wrote:
I’m in the process of locking down end-user permissions in our RT install.
We want it set up so that users can only do Reply, and Admins can use
Comment and Reply. At present, my “end user” can’t see a Comment in a
ticket, or an attachment made with a Comment. However, if the user emails
the Comment address or uses the Comment in the Action drop-down in the
ticket the entry gets made. The proper visibility of the resulting Comment
is correct. AFAIK, there are no global permissions for anything (I’m doing
it al at the queue level for each queue).
Thanks to Alex Peters, Daniel Schwager, and Kenneth Crocker for their input on my question. I’m going to take a look at the book sections Kenneth sent (I’ve purchased the book), and go over the permissions as all have suggested. What’s killing me right now is I only have the production system to work with.
Stephen J. Cena
Supervisor/Systems Administrator - MIS/IT Dept
Quality Vision International
850 Hudson Ave
Rochester,NY 14620
Phone: 585-544-0450 x300
Please report email problems to: postmaster@qvii.commailto:postmaster@qvii.com
QVII MIS/IT Dept - We do what we must because we can.
“Thank you for helping us help you help us all.”