Separating users from different queues

Hi,

I recently installed rt 2.0.12 on a box to handle tickets for different
products/tasks of
my employer with external users of other companies. Well, after some
installation it
worked pretty well - congratulations to the developers for the effort
since 1.x versions of rt!

After some in-depth usage, I have some unsolved issues left:

  1. I want to keep one single instance of rt for several different queues
  • that works well so far.
    But I need to keep users from one queue away from reading tickets in
    other queues, while
    I do not want to keep them from tickets in their own queue. I did not
    get this with playing
    around with rights at the pseudo-groups level. Then I created a
    "member"-group for each queue
    and gave “SeeQueue” and “Showticket” for the specific group and cleared
    all rights for
    pseudo-groups - but the ticket seach pages/home of priviledged users
    obviously does
    not care about these rights and always shows all queues and allows
    direct jump to tickets
    by entering ticket numbers.
    So I can not keep tickets related to one queue secret to users of
    another queue, which is a
    major problem to me in some cases.
    I’m not quite sure whether this is this a bug in the find/browse
    WebUI-Module or a feature to
    open rt contents to the world, but I would be really glad, if someone
    could give me a hint
    here how to fix this easily!
  1. Privileged users with not much privileges (see 1.) get the full
    complexity of the
    administrators Web-UI - which is not neccessary. Isn’t there a simple
    way to give my usergroup
    members an easier view to let them search, browse and enter tickets as
    unprivileged users?

  2. Administering several queues on a single instance of rt is not
    possible as far as I can see.
    If I had access to the wishlist I would enter:
    :smiley:
    "make all WebUI-Templates specific to the (virtual) host name of the web
    server and place
    the host name within the data base, too. This way one could have several
    queues with
    same Web-UI within a single vhost, and create several vhosts to handle
    different
    WebUIs. This should not be difficult if a copy of each of the WebUIs is
    just placed in
    a subdirectory with the vhosts name."

Thank you in advance for any help!

Manfred

EMail: Manfred.Bathelt@epost.de

Hi Manfred,

Manfred Bathelt wrote:

Hi,

  1. I want to keep one single instance of rt for several different queues
  • that works well so far.
    But I need to keep users from one queue away from reading tickets in
    other queues, while
    I do not want to keep them from tickets in their own queue. I did not
    get this with playing
    around with rights at the pseudo-groups level. Then I created a
    "member"-group for each queue
    and gave “SeeQueue” and “Showticket” for the specific group and cleared
    all rights for
    pseudo-groups - but the ticket seach pages/home of priviledged users
    obviously does
    not care about these rights and always shows all queues and allows
    direct jump to tickets
    by entering ticket numbers.
    So I can not keep tickets related to one queue secret to users of
    another queue, which is a
    major problem to me in some cases.
    I’m not quite sure whether this is this a bug in the find/browse
    WebUI-Module or a feature to
    open rt contents to the world, but I would be really glad, if someone
    could give me a hint
    here how to fix this easily!

I’m working on a search function for my “underprivileged users” (see
2.),
where users only can search their queues, their tickets and the tickets
of
their external group.

  1. Privileged users with not much privileges (see 1.) get the full
    complexity of the
    administrators Web-UI - which is not neccessary. Isn’t there a simple
    way to give my usergroup
    members an easier view to let them search, browse and enter tickets as
    unprivileged users?

may be a solution like the one I had described in
http://lists.fsck.com/pipermail/rt-users/2002-April/007922.html
may help you.

If you have a new user, you have to create him “privileged”, put him
into a real group with access to a queue or two. Then take away the
privileged flag and if he has a X_-Nickname (as an external group), he
has only access to the queues he would be privileged for, but only in a
Web-UI like the SelfService.
And he can see only his tickets and the tickets others of his group have
requested. There are also things possible like:

User : cust A cust B (same X_ group)
Real Groups: XXX,ZZZ YYY,ZZZ
Queue acces: 1 and 3 2 and 3

Searching is not implemented yet. But my collegues are forcing me to
make it real soon :slight_smile:

greetings
Harald
Dr. Harald Koll�ra
Professional Services
fun communications GmbH
Brauerstrasse 6 76135 Karlsruhe Germany
Tel: +49 721 964480 Fax: +49 721 96448-299
email: harald.kollera@fun.de http://www.fun.de/

I trust in http://www.keytrust.de