Hi,
I’ve got a question regarding RT-rights.
RT (3.6.4) has been working fine, I’ve setup various queues and the
SelfService Interface worked.
Recently, we had to have a customer with the right to see all the
tickets in “his” queue (and only see his queue).
I did this by removing the “SeeQueue” right from “Everybody” and
creating a group for this one privileged user of the customer, who can
see only this queue.
But as a result (of revoking the “SeeQueue”-right from “Everybody”, the
users of the SelfService interface can no longer open tickets in the
interface, because they can’t see (and set) the queue.
Has anybody got an idea how to solve this problem?
On a related note, the SelfService Interface doesn’t show any option to
sort/search the tickets.
I’ve just got open tickets / closed tickets.
Is there a way to show a better interface that allows SelfService users
to better sort their tickets?
cheers,
Rainer
Rainer,
Yes, there are a couple different ways. One is to create a user group
for each queue (named appropriately) followed by granting the “SeeQueue”
right to each individual queue for it’s corresponding user group. In
essence, just what you did for that one queue/group, do for the others
only you can give the right to “Everybody” in the other queues. That’s
one way. You can also grant the “ShowTicket” and “ReplyToEmail”
privileges as well to these groups. This will allow them to actually
“SEE” the info in their tickets in the queue, not just create them, and
to “Reply” as well in case there is some correspondence. This will keep
other users from other queues/groups from creating/seeing/replying to
tickets in a queue they are not associated with. We have over 50 support
queues and VERY FEW Global rights granted.
You can also be even more restrictive by using the role “Requestor” for
some of these rights to keep users in a common group form getting
involved in tickets they didn’t create.
Hope this helps.
Kenn
LBNLOn 9/26/2007 2:31 AM, Rainer Duffner wrote:
Hi,
I’ve got a question regarding RT-rights.
RT (3.6.4) has been working fine, I’ve setup various queues and the
SelfService Interface worked.
Recently, we had to have a customer with the right to see all the
tickets in “his” queue (and only see his queue).
I did this by removing the “SeeQueue” right from “Everybody” and
creating a group for this one privileged user of the customer, who can
see only this queue.
But as a result (of revoking the “SeeQueue”-right from “Everybody”, the
users of the SelfService interface can no longer open tickets in the
interface, because they can’t see (and set) the queue.
Has anybody got an idea how to solve this problem?
On a related note, the SelfService Interface doesn’t show any option to
sort/search the tickets.
I’ve just got open tickets / closed tickets.
Is there a way to show a better interface that allows SelfService users
to better sort their tickets?
cheers,
Rainer
The rt-users Archives
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com
Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Rainer,
Yes, there are a couple different ways. One is to create a user
group for each queue (named appropriately) followed by granting the
“SeeQueue” right to each individual queue for it’s corresponding
user group. In essence, just what you did for that one queue/group,
do for the others only you can give the right to “Everybody” in the
other queues. That’s one way. You can also grant the “ShowTicket”
and “ReplyToEmail” privileges as well to these groups. This will
allow them to actually “SEE” the info in their tickets in the
queue, not just create them, and to “Reply” as well in case there
is some correspondence. This will keep other users from other
queues/groups from creating/seeing/replying to tickets in a queue
they are not associated with. We have over 50 support queues and
VERY FEW Global rights granted.
I’ve not granted Global rights either (apart from save searches,
IIRC). But “Everybody” is everybody.
You can also be even more restrictive by using the role
“Requestor” for some of these rights to keep users in a common
group form getting involved in tickets they didn’t create.
Hope this helps.
After thinking about it some more (which usually happens after one
posts), I assigned the right “SeeQueue” to the “Unprivileged” System
Group.
This way, privileged users from other queues will not be able to see
the queue, but unprivileged SelfService users should be able to use
it just as if the right was granted to “Everybody”.
I don’t want to create too many groups - even with RightsMatrix, it
can become very unwieldily, IMO.
I also wanted to create as few queues as possible…
cheers,
Rainer
Rainer Duffner
CISSP, LPI, MCSE
rainer@ultra-secure.de