Proper way to set up a read-only user

Nick_Metrowsky · June 14, 2006, 4:22pm

Hi Everyone,

I would like to set up users in RT which grant them the rights to view
tickets and queues, but they cannot change anything. I would like them
to have a user id and password, like privileged users. Is there a way to
do this? I noticed that the Everyone and Unprivileged user designation
allows users to only use the SelfService menu and that is just about it.

Any ideas would be most welcome.

Take care!

Nick

Nick Metrowsky

Consulting System Administrator

303-684-4785 Office

303-684-4100 Fax

nmetrowsky@digitalglobe.com mailto:nmetrowsky@digitalglobe.com

DigitalGlobe (r), An Imaging and Information Company

http://www.digitalglobe.com http://www.digitalglobe.com

Kenn_Crocker · June 14, 2006, 5:42pm

Nick Metrowsky wrote:

Hi Everyone,

I would like to set up users in RT which grant them the rights to view
tickets and queues, but they cannot change anything. I would like them
to have a user id and password, like privileged users. Is there a way
to do this? I noticed that the Everyone and Unprivileged user
designation allows users to only use the SelfService menu and that is
just about it.

Any ideas would be most welcome.

Take care!

Nick

---------------------------------------------------------------------------------

Nick Metrowsky**

Consulting System Administrator**

303-684-4785 Office**

303-684-4100 Fax**

nmetrowsky@digitalglobe.com mailto:nmetrowsky@digitalglobe.com**

DigitalGlobe ®, An Imaging and Information Company

http://www.digitalglobe.com

---------------------------------------------------------------------------------

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical: Careers — Best Practical Solutions
Nick,

Everyone already INCLUDES unprivileged so giving both is redundant.

Kenn

Todd_Chapman1 · June 14, 2006, 8:01pm

Hi Everyone,

I would like to set up users in RT which grant them the rights to view
tickets and queues, but they cannot change anything. I would like them
to have a user id and password, like privileged users. Is there a way to
do this? I noticed that the Everyone and Unprivileged user designation
allows users to only use the SelfService menu and that is just about it.

Make them privileged but don’t grant them any rights other
thatn See/Show rights.

-Todd

Nick_Metrowsky · June 14, 2006, 9:20pm

Hi Todd,

Thank you for writing. Apparently the Privileged global system group has
Super User and Delegate Rights, plus every other right set up. I tried
removing all the rights, so just Show Ticket and See Queue were
available. I was then going to grant more rights on a group by group
and/or user by user basis for those users who really need them.
Unfortunately, I cannot revoke Super User and Delegate Rights from the
Privileged global system group. So, when I create a user, with just See
type rights, they can do anything they want (I did not place them in any
group other than checking the box “Let this user be granted rights”). By
the way, when I look in Rights Matrix, everything is set to “Y” for this
user. I also checked the various queues, and the Privileged group has no
rights, and the same goes for the user accounts. The privileges are
assigned only at the global group level. We set up a global group for
each queue; again the test user was not assigned to any group.

One other observation, the NULL account, user id #1 is assign the Super
User privilege, is this supposed be right? I tried to revoke it and RT
will not let me do it.

I did not set up RT originally, as the privilege set up was a carry over
from the RT 2 system. I knew this was a bit of a mess, I just did not
really know who much a mess it was.

Anyway, what should be the defaults for the Everyone, Unprivileged and
Privileged global system groups? Do I need to be logged into a special
account to revoke Super User and Delegate rights from the Privileged
global system group? I guess the next question, is this something I
really want to do?

Any insight would be greatly appreciated.

Take care!

Nick

Nick Metrowsky
Consulting System Administrator
303-684-4785 Office
303-684-4100 Fax
nmetrowsky@digitalglobe.com
DigitalGlobe (r), An Imaging and Information Company
http://www.digitalglobe.comFrom: Todd Chapman [mailto:todd@chaka.net]
Sent: Wednesday, June 14, 2006 2:02 PM
To: Nick Metrowsky
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Proper way to set up a read-only user

Hi Everyone,

I would like to set up users in RT which grant them the rights to view
tickets and queues, but they cannot change anything. I would like them
to have a user id and password, like privileged users. Is there a way
to
do this? I noticed that the Everyone and Unprivileged user designation
allows users to only use the SelfService menu and that is just about
it.

Make them privileged but don’t grant them any rights other
thatn See/Show rights.

-Todd

Todd_Chapman1 · June 15, 2006, 4:28pm

Hi Todd,

Thank you for writing. Apparently the Privileged global system group has
Super User and Delegate Rights, plus every other right set up. I tried
removing all the rights, so just Show Ticket and See Queue were
available. I was then going to grant more rights on a group by group
and/or user by user basis for those users who really need them.
Unfortunately, I cannot revoke Super User and Delegate Rights from the
Privileged global system group. So, when I create a user, with just See

That is really broken. If you can’t do that then all bets are off.

type rights, they can do anything they want (I did not place them in any
group other than checking the box “Let this user be granted rights”). By
the way, when I look in Rights Matrix, everything is set to “Y” for this
user. I also checked the various queues, and the Privileged group has no
rights, and the same goes for the user accounts. The privileges are
assigned only at the global group level. We set up a global group for
each queue; again the test user was not assigned to any group.

One other observation, the NULL account, user id #1 is assign the Super
User privilege, is this supposed be right? I tried to revoke it and RT
will not let me do it.

Not sure about that.

I did not set up RT originally, as the privilege set up was a carry over
from the RT 2 system. I knew this was a bit of a mess, I just did not
really know who much a mess it was.

Anyway, what should be the defaults for the Everyone, Unprivileged and
Privileged global system groups? Do I need to be logged into a special
account to revoke Super User and Delegate rights from the Privileged
global system group? I guess the next question, is this something I
really want to do?

You need to be logged in as root and make sure root has SuperUser,
then you can revoke rights from Everyone/Priv, and Unpriv. I’m pretty
sure they have no rights by default.