I want to create a queue that is not visible to the bulk of RT users.
Only a few.
So only a select number of users will have access AND be able to see the
queue.
That means it should only show up in a queue listing for those specific
logins.
I’m sure this can be done with a customised script but can it be done
with existing config options?
Thanks for any help.
Kind regards.
I want to create a queue that is not visible to the bulk of RT users.
Only a few.
So only a select number of users will have access AND be able to see the
queue.
That means it should only show up in a queue listing for those specific
logins.
You could always create a group containing those users, create the queue and give that group and
those users permissions to it.
Sure. Just don’t give the default groups (Everyone, Unprivileged,
Privileged) SeeQueue or ShowTicket or anything like that. That’s the
nice thing about the RT ACLs is that they start very restrictive, and
you can ease it as much as you want. It won’t show up in Quick Search
or in “New ticket in” or anything like that for anyone but those you
explicitly give permission to.
Sure. Just don’t give the default groups (Everyone, Unprivileged,
Privileged) SeeQueue or ShowTicket or anything like that. That’s the
nice thing about the RT ACLs is that they start very restrictive, and
you can ease it as much as you want. It won’t show up in Quick Search
or in “New ticket in” or anything like that for anyone but those you
explicitly give permission to.
I have an existing queue ‘test’ that has all those groups showing ‘no
rights granted’
How can I remove the rights that they have, if I wanted to restrict the
‘test’ queue to only a few users or just one group?
It seems that by default the groups you mentioned have the rights to
view the ‘test’ queue.
I want to create a queue that is not visible to the bulk of RT users.
Only a few.
So only a select number of users will have access AND be able
to see the
queue.
That means it should only show up in a queue listing for
those specific
logins.
I’m sure this can be done with a customised script but can it be done
with existing config options?
Thanks for any help.
Kind regards.
If they have not rights granted, then I am not sure why they are
seeing it, unless the people who are able to see it are members of
another group that does have the privileges. The priv system is
pretty straightforward, you shouldn’t have too much trouble. By
default, nobody has any access to a brand new queue, you have to
explicity add the access. At least, this is true for 3.4.x. Are you
running a different version, perhaps?
I’m running 3.4.4.
I’ve created a new queue and it is visible to anyone in the
priviledged group by default.
Maybe there’s a configuration option that does that (include rights for
the priviledged group to any new queue).
I’ll have to work it out.
Any other suggestions appreciated.
Thanks for your help.
Kind regards.
Luke.
------------------------------------------------------------------------
*From:* Luke Vanderfluit [mailto:lvanderf@internode.com.au]
*Sent:* Tuesday, January 31, 2006 2:41 PM
*To:* Schultz, Eric
*Subject:* Re: [rt-users] secret queues with restricted access
Hi Eric.
That sounds great.
Schultz, Eric wrote:
Sure. Just don’t give the default groups (Everyone, Unprivileged,
Privileged) SeeQueue or ShowTicket or anything like that. That’s the
nice thing about the RT ACLs is that they start very restrictive, and
you can ease it as much as you want. It won’t show up in Quick Search
or in “New ticket in” or anything like that for anyone but those you
explicitly give permission to.
I have an existing queue 'test' that has all those groups showing
'no rights granted'
How can I remove the rights that they have, if I wanted to
restrict the 'test' queue to only a few users or just one group?
It seems that by default the groups you mentioned *have* the
rights to view the 'test' queue.
Hope this can be done.
Thanks.
Kind regards.
I want to create a queue that is not visible to the bulk of RT users.
Only a few.
So only a select number of users will have access AND be able
to see the
queue.
That means it should only show up in a queue listing for
those specific
logins.
I’m sure this can be done with a customised script but can it be done
with existing config options?
Thanks for any help.
Kind regards.
There are “global” group and user rights as well as “queue” specific
group and user rights.
Because I want different access for different queues, I set most of my
rights at the queue level (instead of global level).
In order to do what you want you’d grant specific permissions at the
queue level, then revoke grander permissions at the “global” level.
I’d recommend printing out a copy of the page with global permissions
before you mess around with it.
Queue rights: Configuration - Queue - Select the queue you want - group
rights.
Global rights: Configuration - Global - Group rights
Thanks,
Mike
Mike Patterson
Systems Manager
UC Berkeley Extension
There are “global” group and user rights as well as “queue” specific
group and user rights.
Because I want different access for different queues, I set most of my
rights at the queue level (instead of global level).
In order to do what you want you’d grant specific permissions at the
queue level, then revoke grander permissions at the “global” level.
I’d recommend printing out a copy of the page with global permissions
before you mess around with it.
Queue rights: Configuration - Queue - Select the queue you want -
group rights.
Global rights: Configuration - Global - Group rights
That’s it!
I have all my rights configured at a global level, therefore it would
require some work to redo all the rights at a queue/group level.
That’s it!
I have all my rights configured at a global level, therefore it would
require some work to redo all the rights at a queue/group level.
Thanks!
Kind regards.
Luke
I figured out a week or so when messing around with RT that it is
better to not really setup global level rights, especially if you plan
on deviating from the standard way of doing things.
Yep.
My problem now is that redoing the rights requires downtime.
It won’t be as simple as revoking seeQueue and granting at a queue level.
No problem. It must be the shiny new RT Essentials that I got in the
mail today
Not to dampen your enthusiasm, but I found the book disappointing.
It doesn’t discuss pertinent details that I am often looking for.
The section on command-line was helpful to me.
The discussion on how the database works leaves a lot to be desired.
There are many more areas that I would like to see elaborated on.
The book deserves to be 5 times as thick.
Let us know what you think when you’re done reading.
Happy RTing
That’s it!
I have all my rights configured at a global level, therefore it would
require some work to redo all the rights at a queue/group level.
Thanks!
Kind regards.
Luke
I figured out a week or so when messing around with RT that it is
better to not really setup global level rights, especially if you plan
on deviating from the standard way of doing things.
Yep.
My problem now is that redoing the rights requires downtime.
It won’t be as simple as revoking seeQueue and granting at a queue level.
Kind regards.
Luke.
The extension RTx::RightMatrix may help make your rights
related work go faster and easier to make sense of.
That’s it!
I have all my rights configured at a global level, therefore it would
require some work to redo all the rights at a queue/group level.
Thanks!
Kind regards.
Luke
I figured out a week or so when messing around with RT that it is
better to not really setup global level rights, especially if you plan
on deviating from the standard way of doing things.
Yep.
My problem now is that redoing the rights requires downtime.
It won’t be as simple as revoking seeQueue and granting at a queue level.
Kind regards.
Luke.
The extension RTx::RightMatrix may help make your rights
related work go faster and easier to make sense of.