The ModifyTicket right gives users the ability to alter lots of things about the ticket, and we want our staff to have most of these so that they can comment, reply, add/delete links to other tickets, add watchers, merge tickets and add/delete custom fields. Some of these have more targeted rights available (eg CommentOnTicket or ReplyToTicket) but not all of them (ie there’s no right for LinkTicketToOtherTickets or MergeTicket as far as I can tell).
However we were wondering if it was possible to stop people modifying a particular field - specifically the priority? By default having ModifyTicket lets users/groups having this right modify any field value, including priority, but we’d like only our Service Desk group and the backend priority escalation cron jobs to be able to tweak this. That way we could have (accidental or otherwise) urgent high priority jobs being set back as a lower priority.
The only obvious way we can see to do is to have local versions of some of the Ticket html that has a bit of Perl in it to check the current user’s group membership, and only allow priority to be changed if the user is in the Service Desk group. This feels a bit hacky, and sort of replicating the purpose of ACLs without actually using an ACL. Is there a better way we’re missing? Or have we run up against a limitation of the rights system as it stands at the moment?