User Administration by Queue

I have RT3.2 up & running, and all is well, however I need to ask for help
on user creation & viewing.

As our company has multiple branches, I have created Queues for each of
them. I have also created 1 user per Queue that is the Administrator of
that particular Que. Each Queue admin needs to be able to add & disable
their own users & have those users be automatically assigned to that Queue
only, however we do not want them to be able to see or create users that are
outside of their Que. The main issue is really that Queue-Admins should not
be able to see existing users & their related data unless that user is
assigned to their Que.

I am hoping that someone has already tackled this issue, or at least got the
ball rolling, and if not. here’s the ball.

Thanks in advance,

Sean Wilburn

Wilburn Consulting

I submitted this a few days back, but to no avail or help. Is there
somewhere else I should be posting?

-Sean WilburnFrom: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Sean Wilburn
Sent: Wednesday, September 08, 2004 9:19 AM
To: 'Users of RT’
Subject: [rt-users] User Administration by Queue

I have RT3.2 up & running, and all is well, however I need to ask for help
on user creation & viewing.

As our company has multiple branches, I have created Queues for each of
them. I have also created 1 user per Queue that is the Administrator of
that particular Que. Each Queue admin needs to be able to add & disable
their own users & have those users be automatically assigned to that Queue
only, however we do not want them to be able to see or create users that are
outside of their Que. The main issue is really that Queue-Admins should not
be able to see existing users & their related data unless that user is
assigned to their Que.

I am hoping that someone has already tackled this issue, or at least got the
ball rolling, and if not. here’s the ball.

Thanks in advance,

Sean Wilburn

Wilburn Consulting

Not all notes get answered, this is a voluntary list.
You can purchase support if you choose.

However, most notes do get answered here, because this community
is very helpful, and I’ll give you my advice.

A user’s existence does not depend on being associated
with a queue. If you can “see” one user (e.g. name, email, phone),
you can see them all. You can restrict what privleges
a given queue adminstrator can assign to a user, but if
you want every admin to be able to 1) create users and
2) assign privs to his queue, then they are all going
to see all the users.

To me, your intended policy seems draconian. But oddly,
I run RT in a way that meets your needs (maybe). I run
multiple instances of RT – separate databases, separate
web pages, separate customizations, separate sets of queues,
separate sets of users (but mostly shared code). I did this
not for privacy in your sense, but because I didn’t want
one department messing with another accidently – no
dueling customizations!

This might not work for you. Downsides:

  1. More complex to install, maintain (and explain).
  2. They really are separate, so you can’t
    transfer tickets from one instance to another.

If this is interesting, see the wiki under MultipleInstances.
Hope this helps.

bobg