Thank you for writing. Apparently the Privileged global system group has
Super User and Delegate Rights, plus every other right set up. I tried
removing all the rights, so just Show Ticket and See Queue were
available. I was then going to grant more rights on a group by group
and/or user by user basis for those users who really need them.
Unfortunately, I cannot revoke Super User and Delegate Rights from the
Privileged global system group. So, when I create a user, with just See
type rights, they can do anything they want (I did not place them in any
group other than checking the box “Let this user be granted rights”). By
the way, when I look in Rights Matrix, everything is set to “Y” for this
user. I also checked the various queues, and the Privileged group has no
rights, and the same goes for the user accounts. The privileges are
assigned only at the global group level. We set up a global group for
each queue; again the test user was not assigned to any group.
One other observation, the NULL account, user id #1 is assign the Super
User privilege, is this supposed be right? I tried to revoke it and RT
will not let me do it.
I did not set up RT originally, as the privilege set up was a carry over
from the RT 2 system. I knew this was a bit of a mess, I just did not
really know who much a mess it was.
Anyway, what should be the defaults for the Everyone, Unprivileged and
Privileged global system groups? Do I need to be logged into a special
account to revoke Super User and Delegate rights from the Privileged
global system group? I guess the next question, is this something I
really want to do?
Any insight would be greatly appreciated.
Consulting System Administrator
DigitalGlobe ®, An Imaging and Information Company
http://www.digitalglobe.comFrom: Todd Chapman [mailto:email@example.com]
Sent: Wednesday, June 14, 2006 2:02 PM
To: Nick Metrowsky
Subject: Re: [rt-users] Proper way to set up a read-only user
I would like to set up users in RT which grant them the rights to view
tickets and queues, but they cannot change anything. I would like them
to have a user id and password, like privileged users. Is there a way
do this? I noticed that the Everyone and Unprivileged user designation
allows users to only use the SelfService menu and that is just about
Make them privileged but don’t grant them any rights other
thatn See/Show rights.