Hi All,
I’m new to RT and trying to make it work in following manner -
-
There should be only one queue called ‘Support’. This is because we
have too many clients and is a management call…
-
Multiple clients using same queue to create tickets.
-
No client should be able to access another client’s tickets. Example
- Client A should not be able to access client B’s tickets.
And this is what I’ve done so far -
-
Add a custom field ‘Client’ at user level.
-
Create a group for each ‘Client’ and add all users belonging to the
client to their respective group.
-
OnCreate scrip to add the group as ‘Cc’ to the ticket and grant
‘ShowTicket’ to the ‘Cc’ role.
This results in -
-
User belonging to group A cannot see tickets raised by any user of
group B on the ‘Open tickets’ page. So the segregation works here.
-
But if a user of group A searches for a ticket (by ticket number) he
gets to see all the ticket details hence defeating restriction we needed
in place.
Please take a look at the OnCreate script on pastebin
http://pastebin.com/4G7mFDP8 and help me understand what is wrong with
this approach.
Thanks for help!
Regards,
Rajesh
Hi All,
I’m new to RT and trying to make it work in following manner -
-
There should be only one queue called ‘Support’. This is because we have too many clients
and is a management call…
-
Multiple clients using same queue to create tickets.
-
No client should be able to access another client’s tickets. Example - Client A should not
be able to access client B’s tickets.
And this is what I’ve done so far -
-
Add a custom field ‘Client’ at user level.
-
Create a group for each ‘Client’ and add all users belonging to the client to their
respective group.
-
OnCreate scrip to add the group as ‘Cc’ to the ticket and grant ‘ShowTicket’ to the ‘Cc’
role.
This results in -
-
User belonging to group A cannot see tickets raised by any user of group B on the ‘Open
tickets’ page. So the segregation works here.
-
But if a user of group A searches for a ticket (by ticket number) he gets to see all the
ticket details hence defeating restriction we needed in place.
You’ve granted ShowTicket too widely, check your ACL configurations.
Especially for Everyone and Unprivileged groups.
-kevin
Hi All,
I'm new to RT and trying to make it work in following manner -
1. There should be only one queue called 'Support'. This is because we have too many clients
and is a management call...
2. Multiple clients using same queue to create tickets.
3. No client should be able to access another client's tickets. Example - Client A should not
be able to access client B's tickets.
And this is what I've done so far -
1. Add a custom field 'Client' at user level.
2. Create a group for each 'Client' and add all users belonging to the client to their
respective group.
3. OnCreate scrip to add the group as 'Cc' to the ticket and grant 'ShowTicket' to the 'Cc'
role.
This results in -
1. User belonging to group A cannot see tickets raised by any user of group B on the 'Open
tickets' page. So the segregation works here.
2. But if a user of group A searches for a ticket (by ticket number) he gets to see all the
ticket details hence defeating restriction we needed in place.
You’ve granted ShowTicket too widely, check your ACL configurations.
Especially for Everyone and Unprivileged groups.
-kevin
Thanks for your response. I’ve double checked and there are no rights
granted to Everyone and Unprivileged groups. The user defined groups
only have CreateTicket and SeeQueue rights. I’m using version 4.0.5.
Please let me know if there is something else I’m missing. Thanks.
Regards,
Rajesh
Hi All,
I’m new to RT and trying to make it work in following manner -
-
There should be only one queue called ‘Support’. This is because we have too many clients
and is a management call…
-
Multiple clients using same queue to create tickets.
-
No client should be able to access another client’s tickets. Example - Client A should not
be able to access client B’s tickets.
And this is what I’ve done so far -
-
Add a custom field ‘Client’ at user level.
-
Create a group for each ‘Client’ and add all users belonging to the client to their
respective group.
-
OnCreate scrip to add the group as ‘Cc’ to the ticket and grant ‘ShowTicket’ to the ‘Cc’
role.
This results in -
-
User belonging to group A cannot see tickets raised by any user of group B on the ‘Open
tickets’ page. So the segregation works here.
-
But if a user of group A searches for a ticket (by ticket number) he gets to see all the
ticket details hence defeating restriction we needed in place.
You’ve granted ShowTicket too widely, check your ACL configurations.
Especially for Everyone and Unprivileged groups.
Thanks for your response. I’ve double checked and there are no
rights granted to Everyone and Unprivileged groups. The user defined
groups only have CreateTicket and SeeQueue rights. I’m using version
4.0.5. Please let me know if there is something else I’m missing.
If users can see the tickets, then they’ve picked up ShowTicket from
somewhere. It may be time for you to poke in the ACL table and see
where ShowTicket has been handed out.
-kevin