User right to save searches

It appears that for a user to be able to save their searches, I have to give them rights to the preferences tab. I really don’t want them to be able to, for instance, change their passwords, which is under the preferences tab (they authenticate via ldap, and this would change the local password - it would get confusing…)

Am I missing something obvious?

Thanks
Scott

This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (cadmin@hearstsc.com) immediately by email and delete the original message.

Scott,

We grant all the Create, save, edit, etc. search rights to all
privileged users at the global level. Since we only grant the
"SeeQueue", “CreatTicket”, & “ShowTicket” rights to a queue at the Queue
level only, by granting the search rights globally, the actual queues
they can sees defers to the rights granted at the Queue level. Much less
maintenance AND everyone has all the “search” rights to whatever Queue
they can see. Hope this helps.

Kenn
LBNLOn 10/1/2009 8:37 AM, Lander, Scott wrote:

It appears that for a user to be able to save their searches, I have
to give them rights to the preferences tab. I really don’t want them
to be able to, for instance, change their passwords, which is under
the preferences tab (they authenticate via ldap, and this would change
the local password - it would get confusing…)

Am I missing something obvious?

Thanks
Scott


This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (cadmin@hearstsc.com) immediately by email and delete the original message.



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Ken, Thanks for your reply.

My setup is similar - actually - identical. Although I have given, globally to privileged users, the rights CreateSavedSearch, EditSavedSearch and ShowSavedSearch along with all other rights, they still can’t actually save a search unless I also give them ModifySelf (which presents the preferences tab that I don’t want them to have…)From: Ken Crocker [mailto:kfcrocker@lbl.gov]
Sent: Thursday, October 01, 2009 12:39 PM
To: Lander, Scott
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] User right to save searches

Scott,

We grant all the Create, save, edit, etc. search rights to all privileged users at the global level. Since we only grant the “SeeQueue”, “CreatTicket”, & “ShowTicket” rights to a queue at the Queue level only, by granting the search rights globally, the actual queues they can sees defers to the rights granted at the Queue level. Much less maintenance AND everyone has all the “search” rights to whatever Queue they can see. Hope this helps.

Kenn
LBNL

Scott,

Yea. I can see that. We kind of went around that by the way we use LDAP
for our sign-ons. It doesn’t matter what they do to their password in
"Preferences", it always gets overridden by LDAP. In other words, they
can’t screw it up.

Kenn
LBNLOn 10/1/2009 10:02 AM, Lander, Scott wrote:

Ken, Thanks for your reply.

My setup is similar - actually - identical. Although I have given,
globally to privileged users, the rights CreateSavedSearch,
EditSavedSearch and ShowSavedSearch along with all other rights, they
still can’t actually save a search unless I also give them ModifySelf
(which presents the preferences tab that I don’t want them to have…)


From: Ken Crocker [mailto:kfcrocker@lbl.gov]
Sent: Thursday, October 01, 2009 12:39 PM
To: Lander, Scott
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] User right to save searches

Scott,

We grant all the Create, save, edit, etc. search rights to all
privileged users at the global level. Since we only grant the
"SeeQueue", “CreatTicket”, & “ShowTicket” rights to a queue at the
Queue level only, by granting the search rights globally, the actual
queues they can sees defers to the rights granted at the Queue level.
Much less maintenance AND everyone has all the “search” rights to
whatever Queue they can see. Hope this helps.

Kenn
LBNL

On 10/1/2009 8:37 AM, Lander, Scott wrote:

It appears that for a user to be able to save their searches, I have
to give them rights to the preferences tab. I really don’t want
them to be able to, for instance, change their passwords, which is
under the preferences tab (they authenticate via ldap, and this would
change the local password - it would get confusing…)

Am I missing something obvious?

Thanks
Scott


This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (cadmin@hearstsc.com) immediately by email and delete the original message.



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (cadmin@hearstsc.com) immediately by email and delete the original message.

Sigh… Yeah, They can’t really modify their passwd in ours either. I just don’t want them thinking they can, either! I can hear it now - I just changed my password, and now it won’t let me in using my new password - Can you reset my password for me, please? 50 times a day…

I am still hoping there might be some way to grant SaveSearch (and, actually get it…) without exposing the preferences tab…From: Ken Crocker [mailto:kfcrocker@lbl.gov]
Sent: Thursday, October 01, 2009 2:55 PM
To: Lander, Scott
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] User right to save searches

Scott,

Yea. I can see that. We kind of went around that by the way we use LDAP for our sign-ons. It doesn’t matter what they do to their password in “Preferences”, it always gets overridden by LDAP. In other words, they can’t screw it up.

Kenn
LBNL

Scott,

Maybe if you found the code that displays the User Preference edit
screen, you could insert code to display a line that says no matter what
they do, their changes to password will be ignored. That’s about the
only thing I can think of right now.

Kenn
LBNLOn 10/1/2009 12:02 PM, Lander, Scott wrote:

Sigh… Yeah, They can’t really modify their passwd in ours either.
I just don’t want them thinking they can, either! I can hear it now

  • I just changed my password, and now it won’t let me in using my new
    password - Can you reset my password for me, please? 50 times a
    day…

I am still hoping there might be some way to grant SaveSearch (and,
actually get it…) without exposing the preferences tab…


From: Ken Crocker [mailto:kfcrocker@lbl.gov]
Sent: Thursday, October 01, 2009 2:55 PM
To: Lander, Scott
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] User right to save searches

Scott,

Yea. I can see that. We kind of went around that by the way we use
LDAP for our sign-ons. It doesn’t matter what they do to their
password in “Preferences”, it always gets overridden by LDAP. In other
words, they can’t screw it up.

Kenn
LBNL

On 10/1/2009 10:02 AM, Lander, Scott wrote:

Ken, Thanks for your reply.

My setup is similar - actually - identical. Although I have given,
globally to privileged users, the rights CreateSavedSearch,
EditSavedSearch and ShowSavedSearch along with all other rights, they
still can’t actually save a search unless I also give them ModifySelf
(which presents the preferences tab that I don’t want them to have…)


From: Ken Crocker [mailto:kfcrocker@lbl.gov]
Sent: Thursday, October 01, 2009 12:39 PM
To: Lander, Scott
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] User right to save searches

Scott,

We grant all the Create, save, edit, etc. search rights to all
privileged users at the global level. Since we only grant the
"SeeQueue", “CreatTicket”, & “ShowTicket” rights to a queue at the
Queue level only, by granting the search rights globally, the actual
queues they can sees defers to the rights granted at the Queue level.
Much less maintenance AND everyone has all the “search” rights to
whatever Queue they can see. Hope this helps.

Kenn
LBNL

On 10/1/2009 8:37 AM, Lander, Scott wrote:

It appears that for a user to be able to save their searches, I have
to give them rights to the preferences tab. I really don’t want
them to be able to, for instance, change their passwords, which is
under the preferences tab (they authenticate via ldap, and this
would change the local password - it would get confusing…)

Am I missing something obvious?

Thanks
Scott


This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (cadmin@hearstsc.com) immediately by email and delete the original message.



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (cadmin@hearstsc.com) immediately by email and delete the original message.


This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Service Center (cadmin@hearstsc.com) immediately by email and delete the original message.