Preventing users from viewing other user info

Hi everyone,

I’d like to use this system for my clients to login to and check out the
status of certain projects, but I don’t want them to be able to click the
Configuration link and get information on my other clients through the
Users menu. Is there a way to disable that access?

Thank you!

Sean

Make them non-privileged users. This will force them to the “SelfService” UI
which will only let them see their own tickets.On Thu, Jan 10, 2002 at 02:34:03PM -0500, Sean Hussey wrote:

Hi everyone,

I’d like to use this system for my clients to login to and check out the
status of certain projects, but I don’t want them to be able to click the
Configuration link and get information on my other clients through the
Users menu. Is there a way to disable that access?

Thank you!

Sean


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

http://www.bestpractical.com/products/rt – Trouble Ticketing. Free.

At that point, can they only then view tickets, or can they still comment,
reply, etc?

At 04:14 PM 1/10/2002 -0500, Jesse Vincent wrote:

Hmm, I just gave this a try: I grabbed my user called “mrtest” and set him
up like this:

[x] Let this user access RT
[ ] Let this user be granted rights

Then I logged out, and logged back in as mrtest.

Sure enough, I’m looking at the SelfService interface (I assume that’s what
this is, anyway).

But clicking all the links just leaves me on the same page. Even "logout"
doesn’t work. I’ll have to close my browser session and restart so I can
login as myself again.

Do I have something misconfigured somewhere? In case it matters, mrtest
does not have any open tickets, so nothing is showing up in his limited
screen.

Sorry, answered my own question. Please ignore. Thank you.

At 04:21 PM 1/10/2002 -0500, Sean Hussey wrote:

No, in fact, I haven’t figured this one out yet. I searched the manuals and
the FAQs and found nothing helpful. I searched the mailing list archives
and found a similar question from Jared Greeno on 17 Aug 2001. He didn’t
get an answer, either.

Jared, did you end up figuring this out?

Jesse, throw us a bone here–at least write in and tell us “I dunno, it
works for me”. :slight_smile: It seems that at least three users have run into this
problem.

Oh yeah, since I didn’t say it in my earlier mail:
RT 2.0.11pre
Red Hat 7.1
MySQL 3.23.47
(ummm…anything else you need to know?)From: Paul Gallant [mailto:pgallant@hhnetwk.com]
Sent: Friday, January 11, 2002 5:16 PM
To: Beachey, Kendric
Subject: Re: [rt-users] Preventing users from viewing other user info

Kendric,

I saw your post to the rt-users group (attached below).

I have the same problem with my RT system. Did you ever figure out what the
problem is?
I didn’t see any responses to your question, so I’m hoping you figured it
out yourself.

pg
pgallant@hhnetwk.com

From: Beachey, Kendric
To: Rt-Users (E-mail)
Sent: Thursday, January 10, 2002 4:31 PM
Subject: RE: [rt-users] Preventing users from viewing other user info

Hmm, I just gave this a try: I grabbed my user called “mrtest” and set him
up like this:
[x] Let this user access RT
[ ] Let this user be granted rights
Then I logged out, and logged back in as mrtest.
Sure enough, I’m looking at the SelfService interface (I assume that’s what
this is, anyway).
But clicking all the links just leaves me on the same page. Even "logout"
doesn’t work. I’ll have to close my browser session and restart so I can
login as myself again.
Do I have something misconfigured somewhere? In case it matters, mrtest
does not have any open tickets, so nothing is showing up in his limited
screen.

-----Original Message-----
From: Sean Hussey [mailto:sean@thirteen.net]
Sent: Thursday, January 10, 2002 3:22 PM
To: rt-users@lists.fsck.com
Subject: Re: [rt-users] Preventing users from viewing other user info

At that point, can they only then view tickets, or can they
still comment,
reply, etc?

At 04:14 PM 1/10/2002 -0500, Jesse Vincent wrote:

Make them non-privileged users. This will force them to the
"SelfService" UI
which will only let them see their own tickets.

Hi everyone,

I’d like to use this system for my clients to login to
and check out the

status of certain projects, but I don’t want them to be
able to click the

Configuration link and get information on my other
clients through the

Users menu. Is there a way to disable that access?

Thank you!

Sean

That sounds like a configuration or cookies problem to me.On Mon, Jan 14, 2002 at 08:07:36AM -0600, Beachey, Kendric wrote:

No, in fact, I haven’t figured this one out yet. I searched the manuals and
the FAQs and found nothing helpful. I searched the mailing list archives
and found a similar question from Jared Greeno on 17 Aug 2001. He didn’t
get an answer, either.

Jared, did you end up figuring this out?

Jesse, throw us a bone here–at least write in and tell us “I dunno, it
works for me”. :slight_smile: It seems that at least three users have run into this
problem.

Oh yeah, since I didn’t say it in my earlier mail:
RT 2.0.11pre
Red Hat 7.1
MySQL 3.23.47
(ummm…anything else you need to know?)

-----Original Message-----
From: Paul Gallant [mailto:pgallant@hhnetwk.com]
Sent: Friday, January 11, 2002 5:16 PM
To: Beachey, Kendric
Subject: Re: [rt-users] Preventing users from viewing other user info

Kendric,

I saw your post to the rt-users group (attached below).

I have the same problem with my RT system. Did you ever figure out what the
problem is?
I didn’t see any responses to your question, so I’m hoping you figured it
out yourself.

pg
pgallant@hhnetwk.com

----- Original Message -----
From: Beachey, Kendric
To: Rt-Users (E-mail)
Sent: Thursday, January 10, 2002 4:31 PM
Subject: RE: [rt-users] Preventing users from viewing other user info

Hmm, I just gave this a try: I grabbed my user called “mrtest” and set him
up like this:
[x] Let this user access RT
[ ] Let this user be granted rights
Then I logged out, and logged back in as mrtest.
Sure enough, I’m looking at the SelfService interface (I assume that’s what
this is, anyway).
But clicking all the links just leaves me on the same page. Even "logout"
doesn’t work. I’ll have to close my browser session and restart so I can
login as myself again.
Do I have something misconfigured somewhere? In case it matters, mrtest
does not have any open tickets, so nothing is showing up in his limited
screen.

-----Original Message-----
From: Sean Hussey [mailto:sean@thirteen.net]
Sent: Thursday, January 10, 2002 3:22 PM
To: rt-users@lists.fsck.com
Subject: Re: [rt-users] Preventing users from viewing other user info

At that point, can they only then view tickets, or can they
still comment,
reply, etc?

At 04:14 PM 1/10/2002 -0500, Jesse Vincent wrote:

Make them non-privileged users. This will force them to the
"SelfService" UI
which will only let them see their own tickets.

On Thu, Jan 10, 2002 at 02:34:03PM -0500, Sean Hussey wrote:

Hi everyone,

I’d like to use this system for my clients to login to
and check out the

status of certain projects, but I don’t want them to be
able to click the

Configuration link and get information on my other
clients through the

Users menu. Is there a way to disable that access?

Thank you!

Sean

http://www.bestpractical.com/products/rt – Trouble Ticketing. Free.

From: Jesse Vincent

That sounds like a configuration or cookies problem to me.

Hmm. Just to see what would happen if I cut out cookies altogether, I fired
up lynx and hit RT with that. I logged in as mrtest, as before. It asked
me if I wanted to accept the cookie, and I said no. I ended up at the Self
Service screen. So far, so good. I went and hit the Log Out link. Again I
rejected the cookie. Back to the login screen. Hey! Could this…?

I logged in again, rejecting the cookie, and got back to the Self Service
screen. I tried the Create link, rejecting the cookie. Hey, there’s that
login screen again. Oh. :slight_smile: I guess that wasn’t it.

I tried all this again, but accepted the cookie, and after that, it was just
like hitting it with Mozilla or Konqueror. Every link brought me straight
back to the same screen. I had planned to accept the cookie only once, but
after that first time, it never asked again–I guess I was rejecting the
same cookie over and over in the first scenario.

Oh well…

Kendric