Problems with security on rt?

OK, I am a longtime gnats user switching over to RT due to the lack of
inter-customer security in gnats.

I am trying to set things up so that one customer being supported in RT
knows nothing about the other customers being supported including
customer information.

However, I seem to have an issue with version 2.0.14. My customers can
find out about each other even though they cannot see the queues.

How: log in as a user on the web interface, click Configuration, click Users,
click any privileged user.

Alternatively, is there a way just to put users in groups and not have them
be able to access Configuration?

The other issue that I am still working out is how to get email to go to a
particular queue; all email tickets seem to end up in the (now renamed)
General queue.

Ted Serreyn
Serreyn Network Services
http://www.serreyn.com/

Yesterday Ted Serreyn wrote:

My customers can find out about each other even though they cannot see
the queues.

How: log in as a user on the web interface, click Configuration, click Users,
click any privileged user.

It's relatively straightforward to hide the configuration link (and it's
been asked several times before – search the archives, February this
year in particular I think (but I'm going from memory there)).

For what it’s worth this is what we have on our homepage to provide the
config link only to users who are able to admin at least something:

% # Show the link only if the user holds at least one "Admin<something>" system right.
% # The list of right-name suffixes inside qw() did not survive the archive.
% foreach my $admin_right (qw()) {
%   if ($session{'CurrentUser'}->HasSystemRight("Admin$admin_right")) {
<li><a href="/Admin/">configuration</a></li>  <%# markup reconstructed from the rendered archive %>
%     last;
%   }
% }

That however doesn't stop somebody 'RT'-savvy from appending "/Admin/"
to her/his URL manually. I expect that similar code could be deployed
at the top of all admin pages to redirect (or die horribly, or
something) for insufficiently privileged users.

The other issue that I am still working out is how to get email to go to
a particular queue; all email tickets seem to end up in the (now
renamed) General queue.

What's the 'RT' bit of your /etc/aliases look like?

Smylers
GBdirect
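The check Smylers suggests putting "at the top of all admin pages" can be done once, server-side, with an HTML::Mason autohandler: a component named autohandler in a directory wraps every component below it, so a file at /Admin/autohandler runs before any /Admin/ page regardless of how the URL was typed. The following is an added example, not code from the thread or from RT's own source. It assumes RT's Mason setup provides %session as in the snippet above, that the pages run under HTML::Mason::ApacheHandler (where the value passed to $m->abort becomes the HTTP status), and that the right-name suffixes listed match the "Admin*" system rights your installation defines; all three are assumptions to verify against your RT version.

```perl
<%doc>
Added example (not from the thread or RT itself): /Admin/autohandler.
Hiding the home-page link only changes the UI; this refuses the request
on the server before any admin page renders, so nothing about users,
groups or queues is shown to someone who merely knows the URL.
Assumptions: %session is available as in the home-page snippet, we run
under HTML::Mason::ApacheHandler, and the suffixes below match the
Admin* system rights defined in this RT installation.
</%doc>
<%INIT>
# Assumed right-name suffixes; adjust to the rights your RT defines.
my @admin_rights = qw(Users Groups Queue);

# Deny by default: access is granted only if at least one right matches.
my $may_admin = 0;
foreach my $right (@admin_rights) {
    if ($session{'CurrentUser'}->HasSystemRight("Admin$right")) {
        $may_admin = 1;
        last;
    }
}

unless ($may_admin) {
    # Throw away anything already buffered (e.g. page header emitted by
    # an outer autohandler) so no partial admin page leaks, then end the
    # request with 403; under ApacheHandler the argument to abort is
    # returned to Apache as the HTTP status, which serves its own error
    # page and never reaches the requested /Admin/ component.
    $m->clear_buffer;
    $m->abort(403);
}
</%INIT>
% # Reached only by users holding at least one Admin* right:
% # continue to the /Admin/ page that was actually requested.
% $m->call_next;
```

Because the decision is made from the user's rights rather than from which link was clicked, the same rule governs both the menu and the direct URL; if you later add a right (say an Admin* right for scrips), add its suffix to @admin_rights and both the link and the enforcement follow.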
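Smylers' question about /etc/aliases is the key to the queue problem: in RT 2 the queue an incoming message lands in is chosen by the rt-mailgate alias it is delivered to, so a single alias that names the General queue puts every ticket there. The fragment below is an added example of per-queue aliases, not configuration from the thread or from RT's documentation; the install path /opt/rt2, the alias names and the queue name "acme" are assumptions to replace with your own.

```text
# /etc/aliases - one rt-mailgate entry per queue (added example; paths,
# alias names and queue names are assumptions).
# Everything sent to rt@ still goes to the General queue ...
rt:             "|/opt/rt2/bin/rt-mailgate --queue general --action correspond"
rt-comment:     "|/opt/rt2/bin/rt-mailgate --queue general --action comment"
# ... while each customer gets an address that delivers into its own queue,
# so their mail never shows up in a queue another customer can see.
acme-support:   "|/opt/rt2/bin/rt-mailgate --queue acme --action correspond"
acme-comment:   "|/opt/rt2/bin/rt-mailgate --queue acme --action comment"
```

After editing the file run newaliases (or your MTA's equivalent) so the new entries take effect, and make sure the mailgate path is executable by the user your MTA runs pipe aliases as; a wrong path fails silently from the sender's point of view and shows up only in the mail log.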