Privilege only on a ticket but not to the whole queue


#1

I have a group group1' who sometimes drop a ticket from their queueQueue1’ to our queue Queue2' as part of the requirement. Now is it possible to give that groupgroup1’ read/write access only to
the ticket(s) they drop on queue Queue2' and no read or read/write access to other tickets in that queue,Queue2’ ?

Thanks

Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


#2

Asif,

I don't think so. Unless I am wrong, it is my understanding that rights 

are granted on a “queue” basis and therefore all tickets in that queue.
I’ve never heard of granting rights on a ticket basis. To do that, I
believe it would involve creating another level (by ticket) of
privileges and that would certainly mean modifying the DataBase and the
code that checks privileges. Sounds like an incredibly messing
modification. Why not just give group1 “SeeQueue”, “ShowTicket”,
“ShowOutgoingEmail”, “ShowTicketComments”, and maybe "CommentOnTicket"
rights to Queue2? We like to limit granting the “ModifyTicket” right to
just the ticket owner and the Queue Admin (AdminCc Watcher). It keeps
things from getting messy with a bunch of people updating tickets they
don’t own. Anyway, that’s all I can think of. Hope it helps.

Kenn
LBNLOn 5/27/2008 11:00 AM, Asif Iqbal wrote:

I have a group group1' who sometimes drop a ticket from their queueQueue1’ to our queue Queue2' as part of the requirement. Now is it possible to give that groupgroup1’ read/write access only
to the ticket(s) they drop on queue Queue2' and no read or read/write access to other tickets in that queue,Queue2’ ?

Thanks


Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu http://pgp.mit.edu



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


#3

Hi Asif,

You could add “group1” to the list of Requestors for the ticket and then
grant Requestors (either globally or within queue2) ShowTicket and
ModifyTicket rights. The Requestors stay with the ticket when it changes
queues. Use a scrip to add group1 to the Requestors when it goes from
queue1 to queue2.

Gene

At 11:00 AM 5/27/2008, Asif Iqbal wrote:

I have a group group1' who sometimes drop a ticket from their queueQueue1’ to our queue Queue2' as part of the requirement. Now is it possible to give that groupgroup1’ read/write access only to
the ticket(s) they drop on queue Queue2' and no read or read/write access to other tickets in that queue,Queue2’ ?

Thanks


Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: http://pgp.mit.edupgp.mit.edu

Gene LeDuc, GSEC
Security Analyst
San Diego State University