[rt-users] Permissions for Queue Admins
Hi, Our RT installation has recently had a large influx of new queues and groups, and I'd like to delegate some of the day-to-day maintenance of things to certain people within those groups so that I'm not doing data entry for everyone. For each logical group of folks, I've created an "Admins" group, for example: "Engineering RT Admins", "Humanities RT Admins" and so on. In global rights, I've given that group access to "Show Admin Menu", "View Scrips" and "View Scrip Templates" and "Allow writing Perl code in templates, scrips, etc". For each engineering queue, I've given that group full control - all boxes are checked in the queue configuration under "group rights" for that queue, primarily so they can modify their scrips and templates. For each engineering group, I've given that group full control as well, so that they can add and remove members as needed. My question has a few parts: 1. Are there any other "global" rights that I should be assigning these folks? Are there any dangers/pitfalls to consider in this kind of configuration? 2. Is there any way to trim down the "Admin" menu so that it only shows things that the person has access to? 3. On the admin pages that list groups and queues, the system paginates as though the user can see all 100 or so queues and groups, but they have to go to page 3 to get see their queues/groups; pages 1 and 2 show up in the pager, but have no content, as the users don't have access to queues/groups displayed on those pages. Can this be cleaned up so that the system only paginates for the queues and groups that the user has access to? 4. Is it possible to give someone the ability to edit a queue's scrips and templates without also allowing them to edit everything else about the queue? Changing queue names breaks our sendmail configuration, so I'd like to prevent them from doing that if at all possible. 5. Is there anything else I should be tracking while delegating this sort of access to other folks? -- Tim Gustafson t...@ucsc.edu 831-459-5354 Baskin Engineering, Room 313A
Re: [rt-users] Permissions on Customfield for CommandByEmail
pls ignore. those CF's are not the ones needing updating. something else is up On 09/12/16 20:49, Woody - Wild Thing Safaris wrote: HI All, I'm trying to set a custom field on create using the headers X-RT-Command: CF.{PNR}: 12345678 X-RT-Command: CF.{Surname}: Bloggs logs show: [7552] [Fri Dec 9 17:35:30 2016] [debug]: Got command customfield{pnr} => 12345678 (/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383) [7552] [Fri Dec 9 17:35:30 2016] [debug]: Got command customfield{surname} => Bloggs (/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383) [7552] [Fri Dec 9 17:35:31 2016] [debug]: Permission denied. User #469290 has no SeeCustomField right on CF #37 (/var/www/sxxx/sbin/../lib/RT/CustomField.pm:1053) [7552] [Fri Dec 9 17:35:31 2016] [debug]: Permission denied. User #469290 has no SeeCustomField right on CF #83 (/var/www/xxx/sbin/../lib/RT/CustomField.pm:1053) i actually want to "set initial value" for the custom field i have granted "Everyone" the SeeCustomField and ModifyCustomField right for both fields. I have also granted "SeeCustomField" and "ModifyCustomField" to Everyone for the Queue. Is there a higher ranking right that i need for that right to exist? or is there a "set initial value" right somewhere? thanks, as always, in advance w. -- --- Richard Wood (Woody) Managing Director Wild Thing Safaris Ltd. UK: 2B Habbo St, Greenwich, London Dar es Salaam: 5 Ethan St, Mbezi beach Arusha: 3 Ebeneezer Rd, Njiro PO BOX 34514 DSM Office: +255 (0) 222 617 166 Office Mobile: +255 (0) 773 503 502 Direct: +255 742 373 327 Skype: woody1tz http://wildthingsafaris.com - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - January 9-11 2017
[rt-users] Permissions on Customfield for CommandByEmail
HI All, I'm trying to set a custom field on create using the headers X-RT-Command: CF.{PNR}: 12345678 X-RT-Command: CF.{Surname}: Bloggs logs show: [7552] [Fri Dec 9 17:35:30 2016] [debug]: Got command customfield{pnr} => 12345678 (/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383) [7552] [Fri Dec 9 17:35:30 2016] [debug]: Got command customfield{surname} => Bloggs (/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383) [7552] [Fri Dec 9 17:35:31 2016] [debug]: Permission denied. User #469290 has no SeeCustomField right on CF #37 (/var/www/sxxx/sbin/../lib/RT/CustomField.pm:1053) [7552] [Fri Dec 9 17:35:31 2016] [debug]: Permission denied. User #469290 has no SeeCustomField right on CF #83 (/var/www/xxx/sbin/../lib/RT/CustomField.pm:1053) i actually want to "set initial value" for the custom field i have granted "Everyone" the SeeCustomField and ModifyCustomField right for both fields. I have also granted "SeeCustomField" and "ModifyCustomField" to Everyone for the Queue. Is there a higher ranking right that i need for that right to exist? or is there a "set initial value" right somewhere? thanks, as always, in advance w. -- --- Richard Wood (Woody) Managing Director Wild Thing Safaris Ltd. UK: 2B Habbo St, Greenwich, London Dar es Salaam: 5 Ethan St, Mbezi beach Arusha: 3 Ebeneezer Rd, Njiro PO BOX 34514 DSM Office: +255 (0) 222 617 166 Office Mobile: +255 (0) 773 503 502 Direct: +255 742 373 327 Skype: woody1tz http://wildthingsafaris.com - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - January 9-11 2017
Re: [rt-users] Permissions to let a user administer a queue
I added the ShowACL and ModifyAcl permissions to the admincc, even tried assigning them to the user manually, even as a global right, but still i can't see the system groups. -- View this message in context: http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58622.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Permissions to let a user administer a queue
Finally resolved it. I decided to turn on all rights to the user on a global level and turning them off one by one. Turns out i had to enable SeeQueue as a global right. I am thinking unprivileged, privileged, everyone are internal groups therefore i needed the permission. However, now the user can see any group and know the group's members, but he can't mess with the other group. That's not what i want, however i can live with it, and i can sort of understand why it works this way. You need to view every group in order to assign them permissions. For me it would have made for sense for the admincc to be able to do everything with a queue without requiring a global right. Users shouldn't be able to know which users are inside a group, and i can't see a way to deny outside users this right from the other group itself. So, to recap, here is what i did: -Assign a specific user ShowConfigTab and SeeQueue -Add group A to queue A and grant all permissions in that queue for that group. I hope this helps someone, but i am hoping my solution is actually wrong and there's a better way to do this, but i can't see it. After all, i needed to enable just 2 permissions to fix my issue. -- View this message in context: http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58623.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Permissions to let a user administer a queue
On Fri, Sep 26, 2014 at 06:12:13AM -0700, fleon wrote: Turns out i had to enable SeeQueue as a global right. I am thinking unprivileged, privileged, everyone are internal groups therefore i needed the permission. SeeQueue or SeeGroup? If you really fixed this with SeeQueue, then your complaint is very confusing to me. You should file a feature request to make the Everyone/Privileged/Unprivileged and Role groups visible on Queue rights pages for Queue admins (users without SuperUser). -kevin pgpvkxEbflAMi.pgp Description: PGP signature -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Permissions to let a user administer a queue
I am very sorry, you are right, i had to enable SeeGroup. I am glad that you see that this can be improved. I filed bug 30416. http://issues.bestpractical.com/Ticket/Display.html?id=30416 -- View this message in context: http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58629.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
[rt-users] Permissions to let a user administer a queue
Hello, i am having a hard time setting permissions correctly. I have a queue for the development guys, created a group for the developers to join. I want one of those developers to have rights to administer everything relating to that queue. So i added the user to the group, gave permissions to the group and gave the specific user adminqueue The problem is that when the user logs in he doesn't have any way to admin the queue. I searched the forum and one guy had the same problem, and it was suggested to make an admin group and gave that group ShowConfigTab, but if i give that permission then they can see every option in the admin menu, the name of all queues and a bunch of other things they shouldn't have. So far, i added every permission to the user i want both in the group and in the queue. I just want the queue to be administered by one user, and that user to also be able to add /remove people from the group that was created to handle the tickets in that queue. Can someone help? Thanks in advance -- View this message in context: http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Permissions to let a user administer a queue
i decided to enable ShowConfigTab and then revoke all rights on the privileged group to the other queue. That other queue only has rights for requesters and users of their own group. So far i think it's working, the user sees all menus but can only see his queue, can't create or modify other queues (he can't even see them). He can also add users to the group he belongs to. The only thing missing is that the system groups are not being shown inside the queue, so he can't set permissions on them: System Everyone (not shown) Privileged (not shown) Unprivileged (not shown) Roles AdminCc (not shown) Cc (not shown) Owner (not shown) Requestor (not shown) He only sees his group belonging to his queue. What i am missing so he can set the permissions to the system and role groups? -- View this message in context: http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58613.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Permissions Questions
Ray, Yep. It also depends on where you saved those group searches and the Group permissipns you gave to members of those groups. Group permissions are different than Queue/Ticket permissions. For example, you could give members of Group 2 the rights to see/modify, load, etc Group2 searches but NOT give those rights to members of the other groups. Then Ray, being a member of all 3 groups, would only see the searches saved under Group2. If those searches are all the same, then you could save those searches are RT Global searches and NOT saved as Group searches and then Ray would only see them once. It really boils down to how you have your Queues and Groups set up. If you segregate enough, you can create groups that are combinations of other groups and then grant rights appropriately. There's all kindsof configurations you can play with if you set up the Queues/Groups relationships correctly. I could answer more definitively if I knew what groups need to see what information in what Queues. The kinds of overlaps in information and searches, etc. Hope this helps. Kenn On Wed, Feb 20, 2013 at 7:25 AM, Raymond Corbett raymond.corb...@arcproductions.com wrote: Hello all. ** ** Great system. Slowly I am getting my head around permissions. However I have a problem with this situation: ** ** I have a User: Ray ** ** Ray is a member of 3 groups: **· **Group Q1 **· **Group Q2 **· **Group Q3 ** ** These Groups all watch the following Queues: **· **Q1 **· **Q2 **· **Q3 ** ** Each of these Queues have saved searches associated with them. ** ** I now want a Dashboard, let’s say it will be called Ray’s Q2 Dashboard. * *** ** ** I want to see the saved searches portal here but I would like it to show only the Q2 saved searches. ** ** Since Ray watches all three queues, I find that I am getting the Save Searches showing for all the 3 Queues. ** ** Possible to do with the correct Permission settings? ** ** ** ** ** ** [image: ARC] http://www.arcproductions.com/ *Ray Corbett Technology Projects Manager** p:** **416.682.5200 x5232 | f: 416.682.5209 Arc Productions Ltd. | 230 Richmond Street East | Toronto, ON M5A 1P4 www.arcproductions.com* ** ** -- RT training in Amsterdam, March 20-21: http://bestpractical.com/services/training.html Help improve RT by taking our user survey: https://www.surveymonkey.com/s/N23JW9T image001.gif -- RT training in Amsterdam, March 20-21: http://bestpractical.com/services/training.html Help improve RT by taking our user survey: https://www.surveymonkey.com/s/N23JW9T
[rt-users] Permissions
How do you restrict a user from seeing a specific queue even exists? How do you restrict a privileged account from seeing anything other than the tickets they have requested?
Re: [rt-users] Permissions
Josh, For Queues, don't grant any permissions for Queues at the Global level. Grant them for Roles or User-defined groups. for restricting privileged users from seeing tickets they have NOT requested, then grant ShowTicket to the Role of Requestor, either for a specific Queue or GLobally, if you want that kind of restriction applied globally. These answers are found in a couple RT books. Try to get them and read them. Like reading an owners manual for a complicated piece of machinery. Hope this helps. Kenn On Tue, Aug 28, 2012 at 10:00 AM, Josh Hopkins j...@prorivertech.comwrote: How do you restrict a user from seeing a specific queue even exists? How do you restrict a privileged account from seeing anything other than the tickets they have requested?
[rt-users] Permissions in RT 4.0.6
Hi All - Looking at the new permissions (rights) screen in 4.0.6 and it looks really good! Although it has me a little confused. It looks like on any rights page i see General Rights, Rights for Staff, and Rights for Administrators. What deems someone staff and/or administrators and who does General rights get applies to? Thanks! -- Max McGrath Network Administrator Carthage College 262-552-5512 mmcgr...@carthage.edu
Re: [rt-users] Permissions in RT 4.0.6
On Fri, Jun 8, 2012 at 7:51 PM, Max McGrath mmcgr...@carthage.edu wrote: Hi All - Looking at the new permissions (rights) screen in 4.0.6 and it looks really good! Although it has me a little confused. It looks like on any rights page i see General Rights, Rights for Staff, and Rights for Administrators. What deems someone staff and/or administrators and who does General rights get applies to? These are just grouping of the rights into groups. Rights usually granted to Staff, to administrators and rights general enough to be granted to anybody. Thanks! -- Max McGrath Network Administrator Carthage College 262-552-5512 mmcgr...@carthage.edu -- Best regards, Ruslan.
[rt-users] permissions in v4 versus v3.8.7
Greetings, We are working towards migrating our RT installation from v3.8.7 to v4.0.4, but have encountered an issue with permissions. We have a queue(maintenance) that gets many requests daily and often fills up the Newest Unowned section of the RT at a Glance. In v3.8.7 we were able to give everyone create ticket rights to the maintenance queue but not view rights. This resulted in everyone being able to submit to the maintenance queue but not see the unowned tickets. In version 4 I have the same settings but the unowned tickets are showing even if the view queue is not selected. Is this still possible in version 4? Am I missing something obvious? Thanks. --Dale --- Dale Poulter Automation Coordinator Library Information Technology Services Vanderbilt University 419 21st Avenue South, Room 812 Nashville, TN 37203-2427 (615)343-5388 (615)343-8834 (fax) (615)207-9705 (cell) dale.poul...@vanderbilt.edumailto:dale.poul...@vanderbilt.edu RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] permissions in v4 versus v3.8.7
On 01/04/2012 04:07 PM, Poulter, Dale wrote: In version 4 I have the same settings but the unowned tickets are showing even if the “view queue” is not selected. Is this still possible in version 4? Am I missing something obvious? Thanks. I'm betting you don't actually have the same rights setup. View Queue is SeeQueue, and that only controls the visibility of the queue _name_. ShowTicket is the right that lets people see tickets in a queue. You probably have it granted too widely. Thomas RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] permissions in v4 versus v3.8.7
Thanks for the help. This did seem to correct the issue, strange though that it worked in 3.8.7. -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley Sent: Wednesday, January 04, 2012 3:13 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] permissions in v4 versus v3.8.7 On 01/04/2012 04:07 PM, Poulter, Dale wrote: In version 4 I have the same settings but the unowned tickets are showing even if the “view queue” is not selected. Is this still possible in version 4? Am I missing something obvious? Thanks. I'm betting you don't actually have the same rights setup. View Queue is SeeQueue, and that only controls the visibility of the queue _name_. ShowTicket is the right that lets people see tickets in a queue. You probably have it granted too widely. Thomas RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012 RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] Permissions question
I figured out what I was doing wrong. Thanks, Kenn. From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kenneth Crocker Sent: Friday, November 25, 2011 5:25 PM To: RT User List Subject: Re: [rt-users] Permissions question Mike, I'm not sure what you mean by logged in as a GROUP member. You log in as a User and you are either in a group or you are not. The thing about saved searches is this; all groups have rights associated with them, giving members certain rights that pertain to any searches saved under that group. If you are a member of that group, you will have those rights. You should look at what groups you are a member of (go to Tools-Config-Users-memberships) and then look at what rights are given to members of those groups. That'll do for a start. hope this helps. Kenn On Fri, Nov 25, 2011 at 12:19 PM, mja...@guesswho.commailto:mja...@guesswho.com wrote: The next question about permissions. I've given my NetOps user group global rights to CreateSavedSearch, LoadSavedSearch, ShowSavedSearches, and EditSavedSearches. Still, when I log on to RT (4.0.4) as a group member and go to Tickets - New Search and select NetOps's Saved Searches in the Privacy dropdown, none of the saved searches show in the Load dropdown. I must be partway there, because under Logged in as mjames - Settings - Saved Searches, I can see the NetOps saved search. I can't load it or run it from there, however. What am I missing? Mike From: rt-users-boun...@lists.bestpractical.commailto:rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.commailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of mja...@guesswho.commailto:mja...@guesswho.com Sent: Friday, November 25, 2011 10:29 AM To: rt-users@lists.bestpractical.commailto:rt-users@lists.bestpractical.com Subject: Re: [rt-users] Permissions question Thanks, Kenn. That worked. From: rt-users-boun...@lists.bestpractical.commailto:rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com]mailto:[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kenneth Crocker Sent: Wednesday, November 23, 2011 4:28 PM To: RT User List Subject: Re: [rt-users] Permissions question Mike, The correct navigation would be Tools-Config-Global-Group Rights where you then pick a system group, role, or add a User-defined Group. Kenn On Wed, Nov 23, 2011 at 1:17 PM, mja...@guesswho.commailto:mja...@guesswho.com wrote: RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As root, I went to Tools..Configuration..Groups and selected my group. I tried different combinations of Group and User Rights, but still the group members can't see/create/delete Saved Searches. Also, when logged in as a group member, I don't see the About Me item under Logged in as Mike. Still wrapping my head around rights in v4.0.x Mike RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain - November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain - November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Permissions question
Thanks, Kenn. That worked. From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kenneth Crocker Sent: Wednesday, November 23, 2011 4:28 PM To: RT User List Subject: Re: [rt-users] Permissions question Mike, The correct navigation would be Tools-Config-Global-Group Rights where you then pick a system group, role, or add a User-defined Group. Kenn On Wed, Nov 23, 2011 at 1:17 PM, mja...@guesswho.commailto:mja...@guesswho.com wrote: RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As root, I went to Tools..Configuration..Groups and selected my group. I tried different combinations of Group and User Rights, but still the group members can't see/create/delete Saved Searches. Also, when logged in as a group member, I don't see the About Me item under Logged in as Mike. Still wrapping my head around rights in v4.0.x Mike RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain - November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Permissions question
The next question about permissions. I've given my NetOps user group global rights to CreateSavedSearch, LoadSavedSearch, ShowSavedSearches, and EditSavedSearches. Still, when I log on to RT (4.0.4) as a group member and go to Tickets - New Search and select NetOps's Saved Searches in the Privacy dropdown, none of the saved searches show in the Load dropdown. I must be partway there, because under Logged in as mjames - Settings - Saved Searches, I can see the NetOps saved search. I can't load it or run it from there, however. What am I missing? Mike From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of mja...@guesswho.com Sent: Friday, November 25, 2011 10:29 AM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Permissions question Thanks, Kenn. That worked. From: rt-users-boun...@lists.bestpractical.commailto:rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com]mailto:[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kenneth Crocker Sent: Wednesday, November 23, 2011 4:28 PM To: RT User List Subject: Re: [rt-users] Permissions question Mike, The correct navigation would be Tools-Config-Global-Group Rights where you then pick a system group, role, or add a User-defined Group. Kenn On Wed, Nov 23, 2011 at 1:17 PM, mja...@guesswho.commailto:mja...@guesswho.com wrote: RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As root, I went to Tools..Configuration..Groups and selected my group. I tried different combinations of Group and User Rights, but still the group members can't see/create/delete Saved Searches. Also, when logged in as a group member, I don't see the About Me item under Logged in as Mike. Still wrapping my head around rights in v4.0.x Mike RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain - November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Permissions question
Mike, I'm not sure what you mean by logged in as a GROUP member. You log in as a User and you are either in a group or you are not. The thing about saved searches is this; all groups have rights associated with them, giving members certain rights that pertain to any searches saved under that group. If you are a member of that group, you will have those rights. You should look at what groups you are a member of (go to Tools-Config-Users-memberships) and then look at what rights are given to members of those groups. That'll do for a start. hope this helps. Kenn On Fri, Nov 25, 2011 at 12:19 PM, mja...@guesswho.com wrote: The next question about permissions. I’ve given my NetOps user group global rights to CreateSavedSearch, LoadSavedSearch, ShowSavedSearches, and EditSavedSearches. Still, when I log on to RT (4.0.4) as a group member and go to Tickets - New Search and select “NetOps’s Saved Searches” in the Privacy dropdown, none of the saved searches show in the Load dropdown. ** ** ** ** I must be partway there, because under Logged in as mjames - Settings - Saved Searches, I can see the NetOps saved search. I can’t load it or run it from there, however. What am I missing? ** ** Mike ** ** *From:* rt-users-boun...@lists.bestpractical.com [mailto: rt-users-boun...@lists.bestpractical.com] *On Behalf Of * mja...@guesswho.com *Sent:* Friday, November 25, 2011 10:29 AM *To:* rt-users@lists.bestpractical.com *Subject:* Re: [rt-users] Permissions question ** ** Thanks, Kenn. That worked. ** ** *From:* rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] *On Behalf Of *Kenneth Crocker *Sent:* Wednesday, November 23, 2011 4:28 PM *To:* RT User List *Subject:* Re: [rt-users] Permissions question ** ** Mike, The correct navigation would be Tools-Config-Global-Group Rights where you then pick a system group, role, or add a User-defined Group. Kenn On Wed, Nov 23, 2011 at 1:17 PM, mja...@guesswho.com wrote: RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As root, I went to Tools..Configuration..Groups and selected my group. I tried different combinations of Group and User Rights, but still the group members can’t see/create/delete Saved Searches. Also, when logged in as a group member, I don’t see the “About Me” item under “Logged in as Mike”. Still wrapping my head around rights in v4.0.x Mike RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain — November 28 29, 2011 ** ** RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain — November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] Permissions question
RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As root, I went to Tools..Configuration..Groups and selected my group. I tried different combinations of Group and User Rights, but still the group members can't see/create/delete Saved Searches. Also, when logged in as a group member, I don't see the About Me item under Logged in as Mike. Still wrapping my head around rights in v4.0.x Mike RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Permissions question
Mike, The correct navigation would be Tools-Config-Global-Group Rights where you then pick a system group, role, or add a User-defined Group. Kenn On Wed, Nov 23, 2011 at 1:17 PM, mja...@guesswho.com wrote: RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As root, I went to Tools..Configuration..Groups and selected my group. I tried different combinations of Group and User Rights, but still the group members can’t see/create/delete Saved Searches. ** ** Also, when logged in as a group member, I don’t see the “About Me” item under “Logged in as Mike”. Still wrapping my head around rights in v4.0.x ** ** Mike RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain — November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Permissions problem. Cannot view queues/tickets or make changes to config as super user
http://requesttracker.wikia.com/wiki/RecoverSuperUserRights Regards, Ruslan. From phone. 02.09.2011 0:18 пользователь josh.cole josh.c...@fresno.edu написал: Roy, I very much appreciate your response, especially considering it must have been a careless mistake that I made that put me in this position. Thanks so much. Raed El-Hames-4 wrote: Josh, As far as I know your only fix is through the database directly. Login in to your RT database and select id from Users where Name = 'root'; #on my system the id of root == 12 select id from Groups where Name = 'User 12'; #on my system this id = 13 select id from Principals where ObjectId = 13 and PrincipalType = 'Group'; #most likely this should be the same as above in my case 13 select * from ACL where PrincipalId = 13 and PrincipalType = 'Group'; #This should return a row with ++---+-+---++--+-+---+ | id | PrincipalType | PrincipalId | RightName | ObjectType | ObjectId | DelegatedBy | DelegatedFrom | ++---+-+---++--+-+---+ | 3 | Group | 13 | SuperUser | RT::System | 1 | 0 | 0 | ++---+-+---++--+-+---+ But in your case most likely it wont , so you will need to insert a new row into your ACL table to match the above. (Remember that the id field is auto increment so you don't include it in your insert statement). Hope that helps; Regards; Roy Visit our website today www.daisygroupplc.com Registered Office: Daisy House, Lindred Road Business Park, Nelson, Lancashire BB9 5SR Company Registration Number: 4145329 | VAT Number: 722471355 Daisy Communications Limited is a company registered in England and Wales. DISCLAIMER This email (including any attachments) is strictly confidential and may also be legally privileged. If the recipient has received this email in error please notify the sender and do not read, print, re-transmit, store or act in reliance on the email or its attachments and immediately delete this email and its attachments from the recipient's system. Daisy Communications Limited cannot accept liability for any breaches of confidence arising through use of email. Employees of Daisy Communications Limited are expressly required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by email communications. Any such communication is contrary to the company's policy and outside the scope of the employment of the individual concerned. Daisy Communications Limited will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liabi lity arising. If you are the intended recipient of this email please ensure that neither the email nor any attachments are copied to third parties outside your organisation or saved without the written permission of the sender. In the event of any unauthorised copying or forwarding, the recipient will be required to indemnify Daisy Communications Limited against any claim for loss or damage caused by any viruses or otherwise. WARNING: Computer viruses can be transmitted by email. The recipient should check this email and any attachments for the presence of viruses. Daisy Communications Limited accepts no liability for any damage caused by any virus transmitted by this email or any attachments. NOTICE TO CUSTOMERS If you have ordered a telephone number from Daisy Communications Limited (non-geographic or new line installation) please do NOT arrange for any form of advertising until the number is live and tested. -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of josh.cole Sent: 01 September 2011 00:29 To: rt-users@lists.bestpractical.com Subject: [rt-users] Permissions problem. Cannot view queues/tickets or make changes to config as super user Permissions problem. Cannot view queues/tickets or make changes to config as super user. I am logging in as root. Not sure what I did to cause this problem but if anyone is willing to tell me how to resolve this problem that would be great. -Josh -- View this message in context: http://old.nabble.com/Permissions-problem.- Cannot-view-queues-tickets-or-make-changes-to-config-as-super-user- tp32376364p32376364.html Sent from the Request Tracker - User mailing list archive at Nabble.com. RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011 RT
Re: [rt-users] Permissions problem. Cannot view queues/tickets or make changes to config as super user
Josh, As far as I know your only fix is through the database directly. Login in to your RT database and select id from Users where Name = 'root'; #on my system the id of root == 12 select id from Groups where Name = 'User 12'; #on my system this id = 13 select id from Principals where ObjectId = 13 and PrincipalType = 'Group'; #most likely this should be the same as above in my case 13 select * from ACL where PrincipalId = 13 and PrincipalType = 'Group'; #This should return a row with ++---+-+---++--+-+---+ | id | PrincipalType | PrincipalId | RightName | ObjectType | ObjectId | DelegatedBy | DelegatedFrom | ++---+-+---++--+-+---+ | 3 | Group | 13 | SuperUser | RT::System |1 | 0 | 0 | ++---+-+---++--+-+---+ But in your case most likely it wont , so you will need to insert a new row into your ACL table to match the above. (Remember that the id field is auto increment so you don't include it in your insert statement). Hope that helps; Regards; Roy Visit our website today www.daisygroupplc.com Registered Office: Daisy House, Lindred Road Business Park, Nelson, Lancashire BB9 5SR Company Registration Number: 4145329 | VAT Number: 722471355 Daisy Communications Limited is a company registered in England and Wales. DISCLAIMER This email (including any attachments) is strictly confidential and may also be legally privileged. If the recipient has received this email in error please notify the sender and do not read, print, re-transmit, store or act in reliance on the email or its attachments and immediately delete this email and its attachments from the recipient's system. Daisy Communications Limited cannot accept liability for any breaches of confidence arising through use of email. Employees of Daisy Communications Limited are expressly required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by email communications. Any such communication is contrary to the company's policy and outside the scope of the employment of the individual concerned. Daisy Communications Limited will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liabi lity arising. If you are the intended recipient of this email please ensure that neither the email nor any attachments are copied to third parties outside your organisation or saved without the written permission of the sender. In the event of any unauthorised copying or forwarding, the recipient will be required to indemnify Daisy Communications Limited against any claim for loss or damage caused by any viruses or otherwise. WARNING: Computer viruses can be transmitted by email. The recipient should check this email and any attachments for the presence of viruses. Daisy Communications Limited accepts no liability for any damage caused by any virus transmitted by this email or any attachments. NOTICE TO CUSTOMERS If you have ordered a telephone number from Daisy Communications Limited (non-geographic or new line installation) please do NOT arrange for any form of advertising until the number is live and tested. -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of josh.cole Sent: 01 September 2011 00:29 To: rt-users@lists.bestpractical.com Subject: [rt-users] Permissions problem. Cannot view queues/tickets or make changes to config as super user Permissions problem. Cannot view queues/tickets or make changes to config as super user. I am logging in as root. Not sure what I did to cause this problem but if anyone is willing to tell me how to resolve this problem that would be great. -Josh -- View this message in context: http://old.nabble.com/Permissions-problem.- Cannot-view-queues-tickets-or-make-changes-to-config-as-super-user- tp32376364p32376364.html Sent from the Request Tracker - User mailing list archive at Nabble.com. RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Permissions problem. Cannot view queues/tickets or make changes to config as super user
Roy, I very much appreciate your response, especially considering it must have been a careless mistake that I made that put me in this position. Thanks so much. Raed El-Hames-4 wrote: Josh, As far as I know your only fix is through the database directly. Login in to your RT database and select id from Users where Name = 'root'; #on my system the id of root == 12 select id from Groups where Name = 'User 12'; #on my system this id = 13 select id from Principals where ObjectId = 13 and PrincipalType = 'Group'; #most likely this should be the same as above in my case 13 select * from ACL where PrincipalId = 13 and PrincipalType = 'Group'; #This should return a row with ++---+-+---++--+-+---+ | id | PrincipalType | PrincipalId | RightName | ObjectType | ObjectId | DelegatedBy | DelegatedFrom | ++---+-+---++--+-+---+ | 3 | Group | 13 | SuperUser | RT::System |1 | 0 | 0 | ++---+-+---++--+-+---+ But in your case most likely it wont , so you will need to insert a new row into your ACL table to match the above. (Remember that the id field is auto increment so you don't include it in your insert statement). Hope that helps; Regards; Roy Visit our website today www.daisygroupplc.com Registered Office: Daisy House, Lindred Road Business Park, Nelson, Lancashire BB9 5SR Company Registration Number: 4145329 | VAT Number: 722471355 Daisy Communications Limited is a company registered in England and Wales. DISCLAIMER This email (including any attachments) is strictly confidential and may also be legally privileged. If the recipient has received this email in error please notify the sender and do not read, print, re-transmit, store or act in reliance on the email or its attachments and immediately delete this email and its attachments from the recipient's system. Daisy Communications Limited cannot accept liability for any breaches of confidence arising through use of email. Employees of Daisy Communications Limited are expressly required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by email communications. Any such communication is contrary to the company's policy and outside the scope of the employment of the individual concerned. Daisy Communications Limited will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liabi lity arising. If you are the intended recipient of this email please ensure that neither the email nor any attachments are copied to third parties outside your organisation or saved without the written permission of the sender. In the event of any unauthorised copying or forwarding, the recipient will be required to indemnify Daisy Communications Limited against any claim for loss or damage caused by any viruses or otherwise. WARNING: Computer viruses can be transmitted by email. The recipient should check this email and any attachments for the presence of viruses. Daisy Communications Limited accepts no liability for any damage caused by any virus transmitted by this email or any attachments. NOTICE TO CUSTOMERS If you have ordered a telephone number from Daisy Communications Limited (non-geographic or new line installation) please do NOT arrange for any form of advertising until the number is live and tested. -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of josh.cole Sent: 01 September 2011 00:29 To: rt-users@lists.bestpractical.com Subject: [rt-users] Permissions problem. Cannot view queues/tickets or make changes to config as super user Permissions problem. Cannot view queues/tickets or make changes to config as super user. I am logging in as root. Not sure what I did to cause this problem but if anyone is willing to tell me how to resolve this problem that would be great. -Josh -- View this message in context: http://old.nabble.com/Permissions-problem.- Cannot-view-queues-tickets-or-make-changes-to-config-as-super-user- tp32376364p32376364.html Sent from the Request Tracker - User mailing list archive at Nabble.com. RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL
[rt-users] Permissions for saved search on RT at a Glance
Hi, I have a new install of RT and would like to change the default RT-at-a-Glance for everyone. I followed the instructions on the wiki here and I have it working for the root user. http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance I created a 'support' group and added 4 users to that group. I also created an 'Approvers' group but no-one is in that yet. I saved my custom query as 'RT System saved searches My Service Requests'. In Config Groups 'Support' Group Rights I added 'ShowSavedSearches' to both the 'System Privileged' group and the 'User defined - Support' group. Unfortunately I get the error Predefined search My Service Requests not found when logging in as the Support user Phil. Have I missed something simple with my Permissions settings? Thanks in advance, Alister -- Alister West alis...@gossamer-threads.com w: http://www.gossamer-threads.com RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] Permissions for saved search on RT at a Glance
I found my Permission setting and now everything works as expected. It was the global config that I needed to change. Config _Global_ Groups Privileged ShowSavedSearches. I have updated the wiki to make this more clear. http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance Cheers, Alister West alis...@gossamer-threads.com On 10-08-20 10:58 AM, Alister West wrote: Hi, I have a new install of RT and would like to change the default RT-at-a-Glance for everyone. I followed the instructions on the wiki here and I have it working for the root user. http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance I created a 'support' group and added 4 users to that group. I also created an 'Approvers' group but no-one is in that yet. I saved my custom query as 'RT System saved searches My Service Requests'. In Config Groups 'Support' Group Rights I added 'ShowSavedSearches' to both the 'System Privileged' group and the 'User defined - Support' group. Unfortunately I get the error Predefined search My Service Requests not found when logging in as the Support user Phil. Have I missed something simple with my Permissions settings? Thanks in advance, Alister RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] Permissions for saved search on RT at a Glance
Alister, What we did was grant all the Search privileges (Show, Save, Modify, etc) *Globally to all Privileged * Users. This did *NOT* affect Personal Searches. For Groups, it allows those rights *IF AND ONLY IF* they are a *member of said group*. By doing it this way, we saved ourselves a *WHOLE BUNCH* of maintenance. Just a thought on rights management. Kenn LBNL On Fri, Aug 20, 2010 at 11:24 AM, Alister West alis...@gossamer-threads.com wrote: I found my Permission setting and now everything works as expected. It was the global config that I needed to change. Config _Global_ Groups Privileged ShowSavedSearches. I have updated the wiki to make this more clear. http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance Cheers, Alister West alis...@gossamer-threads.com On 10-08-20 10:58 AM, Alister West wrote: Hi, I have a new install of RT and would like to change the default RT-at-a-Glance for everyone. I followed the instructions on the wiki here and I have it working for the root user. http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance I created a 'support' group and added 4 users to that group. I also created an 'Approvers' group but no-one is in that yet. I saved my custom query as 'RT System saved searches My Service Requests'. In Config Groups 'Support' Group Rights I added 'ShowSavedSearches' to both the 'System Privileged' group and the 'User defined - Support' group. Unfortunately I get the error Predefined search My Service Requests not found when logging in as the Support user Phil. Have I missed something simple with my Permissions settings? Thanks in advance, Alister RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT! RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
[rt-users] Permissions question
Quick perms question. I have a group of users that I would like to restrict the tickets that they can see to tickets they are listed as an admincc on. Thus they would get a limited view of the queue. Based on my testing this doesn't seem possible, but I thought I would at least pose the question. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Permissions by custom field
Todd Chapman schrieb: It is possible without a special queue, and it's not that hard. :) OK, can you point me to where this is described? Or describe it yourself? Because I was looking for it very long in the wiki and couldn't find it ;-) Best Regards, Rainer ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Permissions by custom field
I described it very early in this thread. Basically: 1. create a group for each customer. 2. create a scrip that assigns that group as a Cc to the ticket when the ticket is created. 3. give ShowTicket to the Cc role. On Tue, Jul 15, 2008 at 12:19 PM, Rainer Duffner [EMAIL PROTECTED] wrote: Todd Chapman schrieb: It is possible without a special queue, and it's not that hard. :) OK, can you point me to where this is described? Or describe it yourself? Because I was looking for it very long in the wiki and couldn't find it ;-) Best Regards, Rainer ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Permissions by custom field
Kenneth, Todd Chapman sent some suggestions I will try. I will try to be a bit more clear in my problem statement: We have a single queue called support that handles all tickets from various customers we have SLA's with. For ease of use we decided to only use a single queue and not create a queue per customer (as that list fluctuates sometimes). Also, we have certain information on what packages our customers offer to their customers, and how this is implemented, and all this is bound by NDA's, so it's imperative we do not let one customer see the details of another customer's tickets. To differentiate tickets raised by various customers we created a Custom Field that contains the name of the customer. Now, the issue is this: CustomerA has got a number of employees: Empl1, Empl2 and Empl3. Either of them can raise a ticket, and we will respond and close the ticket. Now, some time later the COO/CEO of CustomerA requires access to all tickets raised by the various employees to track who has not done their job, or where contractual violations occurred. How can we grant this user access to all tickets raised by his company (and tagged by a certain Custom Field), whilst not allowing him access to tickets raised by other customers? Right now I am leaning towards creating a group for every customer, then add the group as a Requestor/Cc for the ticket. If I understand things correctly group members should then have access to all tickets created under that group, if I give ShowTicket to the group, but to no others. Not sure if there's an esier way to do this, though. Thanks :) Braam van Heerden Conversant Systems (Pty) Ltd Tel: +27 11 782 2930 Cell: +27 82 336 4643 Skype: braamvh -Original Message- From: Kenneth Crocker [mailto:[EMAIL PROTECTED] Sent: 11 July 2008 18:39 PM To: Braam van Heerden Cc: [EMAIL PROTECTED] Subject: Re: [rt-users] Permissions by custom field Braam, I'm a bit confused. Your subject line mentions permissions and I don't see that question here. As to Custom Fields, what is the correlation between customer and company? Normally, I would think it was one to one. However, if you are creating tickets for someone else, you can modify the Requestor to be the customer and not you. You will still be the creator. Then, you can have a CF that is the company. Permissions would be simpler. You could grant the right to ShowTicket Globally to the Requestor role and that would keep your customer from seeing other customer (Requestor) tickets. Then you merely go to your Custom Field and apply it to the support queue and then go to Group Rights and grant SeeCustomField to Privileged. That way all privileged users will be able to see that field as well as the ticket in a queue they are privileged to access. Hope this helps. Kenn LBNL On 7/11/2008 6:01 AM, Braam van Heerden wrote: Greetings, After reading the permissions wiki I still can't figure out how to achieve what my MD wants. Please excuse me if this is described there. I am still fairly new at RT and the permissions system. We have a queue called Support where all our product support requests from clients go into. We also have a custom field called Client that contains the name of the customer the ticket was raised for. Our customers can log into RT and see all the tickets they originated, but some managers would like to see all the tickets generated for their company. How can we set up the permissions to achieve this? Clients are not allowed to see other client's tickets, and we would prefer not to create a queue for each customer, as this sometimes vary. Any tips would be appreciated. We are running RT 3.6.6. Thanks :) Braam van Heerden Conversant Systems (Pty) Ltd Tel: +27 11 782 2930 Cell: +27 82 336 4643 Skype: braamvh ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Permissions by custom field
Braam van Heerden schrieb: Kenneth, Todd Chapman sent some suggestions I will try. I will try to be a bit more clear in my problem statement: I solved this by creating a queue for the customer and making one user a privileged user for that queue only. So he can see all tickets. Support staff here must move tickets into that queue first, though. (I think that's all I had to do, but I can't remember 100%). This is really one of the few problematic areas of RT - it's a common problem with control-freak bosses of partners who want to see all tickets, so they can judge (from the amount and from cross-reading them) if there is a problem or not... I wish, this was possible without a special queue. cu, Rainer ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Permissions by custom field
It is possible without a special queue, and it's not that hard. :) On Mon, Jul 14, 2008 at 9:25 AM, Rainer Duffner [EMAIL PROTECTED] wrote: Braam van Heerden schrieb: Kenneth, Todd Chapman sent some suggestions I will try. I will try to be a bit more clear in my problem statement: I solved this by creating a queue for the customer and making one user a privileged user for that queue only. So he can see all tickets. Support staff here must move tickets into that queue first, though. (I think that's all I had to do, but I can't remember 100%). This is really one of the few problematic areas of RT - it's a common problem with control-freak bosses of partners who want to see all tickets, so they can judge (from the amount and from cross-reading them) if there is a problem or not... I wish, this was possible without a special queue. cu, Rainer ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Permissions by custom field
Roy, Here's the reply from Todd: -- your clients are the requestor of the ticket? if so just give the Requestor role ShowTicket. if every employee of a particular client needs to see each ticket you may have to create a scrip to add the client's group as Cc and give ShowTicket to the Cc role. -- Very similar to your solution. - Braam Hi Braam; Its always interesting to read Todd's suggestions cause he is always spot on; but could n't find them in the thread , ist possible to forward them to the list please. With regard to dealing with customers, our implementation here is exactly as you suggested, we group our customer contacts , if any of the contacts open a ticket (via web/mail), a scrip action add the rest of the customer group contacts as requestors; and a set a cf to the customer name(organisation), then all customer contacts can login to the self service interface and view/update the tickets. This have served us well for the past few years, the only issue we get every now and then, is when we add a new customer contact that need visibility of old ticket, for this I have a perl script that crawl tickets looking for tickets with cf for the customer and add the new contact as requester. I am not an admirer of queue per customer, my philosophy is that queues should represent the internal departments. Regards; Roy ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Permissions by custom field
Hi Braam; Its always interesting to read Todd's suggestions cause he is always spot on; but could n't find them in the thread , ist possible to forward them to the list please. With regard to dealing with customers, our implementation here is exactly as you suggested, we group our customer contacts , if any of the contacts open a ticket (via web/mail), a scrip action add the rest of the customer group contacts as requestors; and a set a cf to the customer name(organisation), then all customer contacts can login to the self service interface and view/update the tickets. This have served us well for the past few years, the only issue we get every now and then, is when we add a new customer contact that need visibility of old ticket, for this I have a perl script that crawl tickets looking for tickets with cf for the customer and add the new contact as requester. I am not an admirer of queue per customer, my philosophy is that queues should represent the internal departments. Regards; Roy Braam van Heerden wrote: Kenneth, Todd Chapman sent some suggestions I will try. I will try to be a bit more clear in my problem statement: We have a single queue called support that handles all tickets from various customers we have SLA's with. For ease of use we decided to only use a single queue and not create a queue per customer (as that list fluctuates sometimes). Also, we have certain information on what packages our customers offer to their customers, and how this is implemented, and all this is bound by NDA's, so it's imperative we do not let one customer see the details of another customer's tickets. To differentiate tickets raised by various customers we created a Custom Field that contains the name of the customer. Now, the issue is this: CustomerA has got a number of employees: Empl1, Empl2 and Empl3. Either of them can raise a ticket, and we will respond and close the ticket. Now, some time later the COO/CEO of CustomerA requires access to all tickets raised by the various employees to track who has not done their job, or where contractual violations occurred. How can we grant this user access to all tickets raised by his company (and tagged by a certain Custom Field), whilst not allowing him access to tickets raised by other customers? Right now I am leaning towards creating a group for every customer, then add the group as a Requestor/Cc for the ticket. If I understand things correctly group members should then have access to all tickets created under that group, if I give ShowTicket to the group, but to no others. Not sure if there's an esier way to do this, though. Thanks :) Braam van Heerden Conversant Systems (Pty) Ltd Tel: +27 11 782 2930 Cell: +27 82 336 4643 Skype: braamvh -Original Message- From: Kenneth Crocker [mailto:[EMAIL PROTECTED] Sent: 11 July 2008 18:39 PM To: Braam van Heerden Cc: [EMAIL PROTECTED] Subject: Re: [rt-users] Permissions by custom field Braam, I'm a bit confused. Your subject line mentions permissions and I don't see that question here. As to Custom Fields, what is the correlation between customer and company? Normally, I would think it was one to one. However, if you are creating tickets for someone else, you can modify the Requestor to be the customer and not you. You will still be the creator. Then, you can have a CF that is the company. Permissions would be simpler. You could grant the right to ShowTicket Globally to the Requestor role and that would keep your customer from seeing other customer (Requestor) tickets. Then you merely go to your Custom Field and apply it to the support queue and then go to Group Rights and grant SeeCustomField to Privileged. That way all privileged users will be able to see that field as well as the ticket in a queue they are privileged to access. Hope this helps. Kenn LBNL On 7/11/2008 6:01 AM, Braam van Heerden wrote: Greetings, After reading the permissions wiki I still can't figure out how to achieve what my MD wants. Please excuse me if this is described there. I am still fairly new at RT and the permissions system. We have a queue called Support where all our product support requests from clients go into. We also have a custom field called Client that contains the name of the customer the ticket was raised for. Our customers can log into RT and see all the tickets they originated, but some managers would like to see all the tickets generated for their company. How can we set up the permissions to achieve this? Clients are not allowed to see other client's tickets, and we would prefer not to create a queue for each customer, as this sometimes vary. Any tips would be appreciated. We are running RT 3.6.6. Thanks :) Braam van Heerden Conversant Systems (Pty) Ltd Tel: +27
Re: [rt-users] Permissions by custom field
Braam, I agree with the group idea, always have. In fact, you can add yourself as a member of each group and create some searches that you can seave for each individual group. That way, when the other members of each group wants to run a query, they hav3e several choices they can make becuae you some some good ones for them and those are available to everyone in the SAME group. Also, The group as requestor is the same idea as I made of granting ShowTicket blobally to the role Requestor. That allows requstors the right to see ONLY their tickets (as long as you didn't grant ShowTicket to another group). The CF for Customer name can also be used for searches and you can write a scrip to pre-fill that CF by the @.com or .org portion of the email address and that way all tickets created will automatically have the correct Customer NAme' when created. Just a thought. Kenn LBNL On 7/14/2008 5:32 AM, Braam van Heerden wrote: Kenneth, Todd Chapman sent some suggestions I will try. I will try to be a bit more clear in my problem statement: We have a single queue called support that handles all tickets from various customers we have SLA's with. For ease of use we decided to only use a single queue and not create a queue per customer (as that list fluctuates sometimes). Also, we have certain information on what packages our customers offer to their customers, and how this is implemented, and all this is bound by NDA's, so it's imperative we do not let one customer see the details of another customer's tickets. To differentiate tickets raised by various customers we created a Custom Field that contains the name of the customer. Now, the issue is this: CustomerA has got a number of employees: Empl1, Empl2 and Empl3. Either of them can raise a ticket, and we will respond and close the ticket. Now, some time later the COO/CEO of CustomerA requires access to all tickets raised by the various employees to track who has not done their job, or where contractual violations occurred. How can we grant this user access to all tickets raised by his company (and tagged by a certain Custom Field), whilst not allowing him access to tickets raised by other customers? Right now I am leaning towards creating a group for every customer, then add the group as a Requestor/Cc for the ticket. If I understand things correctly group members should then have access to all tickets created under that group, if I give ShowTicket to the group, but to no others. Not sure if there's an esier way to do this, though. Thanks :) Braam van Heerden Conversant Systems (Pty) Ltd Tel: +27 11 782 2930 Cell: +27 82 336 4643 Skype: braamvh -Original Message- From: Kenneth Crocker [mailto:[EMAIL PROTECTED] Sent: 11 July 2008 18:39 PM To: Braam van Heerden Cc: [EMAIL PROTECTED] Subject: Re: [rt-users] Permissions by custom field Braam, I'm a bit confused. Your subject line mentions permissions and I don't see that question here. As to Custom Fields, what is the correlation between customer and company? Normally, I would think it was one to one. However, if you are creating tickets for someone else, you can modify the Requestor to be the customer and not you. You will still be the creator. Then, you can have a CF that is the company. Permissions would be simpler. You could grant the right to ShowTicket Globally to the Requestor role and that would keep your customer from seeing other customer (Requestor) tickets. Then you merely go to your Custom Field and apply it to the support queue and then go to Group Rights and grant SeeCustomField to Privileged. That way all privileged users will be able to see that field as well as the ticket in a queue they are privileged to access. Hope this helps. Kenn LBNL On 7/11/2008 6:01 AM, Braam van Heerden wrote: Greetings, After reading the permissions wiki I still can't figure out how to achieve what my MD wants. Please excuse me if this is described there. I am still fairly new at RT and the permissions system. We have a queue called Support where all our product support requests from clients go into. We also have a custom field called Client that contains the name of the customer the ticket was raised for. Our customers can log into RT and see all the tickets they originated, but some managers would like to see all the tickets generated for their company. How can we set up the permissions to achieve this? Clients are not allowed to see other client's tickets, and we would prefer not to create a queue for each customer, as this sometimes vary. Any tips would be appreciated. We are running RT 3.6.6. Thanks :) Braam van Heerden Conversant Systems (Pty) Ltd Tel: +27 11 782 2930 Cell: +27 82 336 4643 Skype: braamvh ___ http://lists.bestpractical.com/cgi-bin/mailman
[rt-users] Permissions by custom field
Greetings, After reading the permissions wiki I still can't figure out how to achieve what my MD wants. Please excuse me if this is described there. I am still fairly new at RT and the permissions system. We have a queue called Support where all our product support requests from clients go into. We also have a custom field called Client that contains the name of the customer the ticket was raised for. Our customers can log into RT and see all the tickets they originated, but some managers would like to see all the tickets generated for their company. How can we set up the permissions to achieve this? Clients are not allowed to see other client's tickets, and we would prefer not to create a queue for each customer, as this sometimes vary. Any tips would be appreciated. We are running RT 3.6.6. Thanks :) Braam van Heerden Conversant Systems (Pty) Ltd Tel: +27 11 782 2930 Cell: +27 82 336 4643 Skype: braamvh ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Permissions on user information?
I applied a mod to the ShowPeople Element on a ticket that uses %$UserObj-WorkPhone% to display the requestor's phone number. Only people with full admin access to the RT system can see the phone number. I looked through the permissions and did not see anything obvious that allows us to control who can see directory information like that. Any suggestions? I obviously don't want normal users to have full write access to change people's directory info. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] permissions on etc dir files.
I was just updating the FreeBSD port to rt 3.6.2 and finally got around to digging into why there are funky file permissions on the etc files. For some reason they are all set to 0500 permissions, but not a single file there needs to be executable... Shouldn't they get 0400 instead? Also, I'd like to suggest that the config files be chgrp'd to the WEB_GROUP group to ensure that the http server can read them. Otherwise RT fails to run. I'm patching these changes into the FreeBSD port for now, but I think they ought to be in the original sources. smime.p7s Description: S/MIME cryptographic signature ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] permissions on etc dir files.
On Dec 19, 2006, at 3:32 PM, Vivek Khera wrote: I was just updating the FreeBSD port to rt 3.6.2 and finally got around to digging into why there are funky file permissions on the etc files. For some reason they are all set to 0500 permissions, but not a single file there needs to be executable... Shouldn't they get 0400 instead? Also, I'd like to suggest that the config files be chgrp'd to the WEB_GROUP group to ensure that the http server can read them. Otherwise RT fails to run. Also, the config files themselves don't need to be 0550 mode, but 0440. smime.p7s Description: S/MIME cryptographic signature ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Permissions to view More about user
Hi list, I wrote a script to pull all our user information from out directory into RT. Information such as Phone Numbers etc.. that kind of thing. All this information can now be viewed from the root account but not from the other privileged accounts. What permission do i need to give to the priviliged accounts to be able to view this information ?. Thanks -- Ian Clancy IT Co-ordinator Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Permissions Problem
Hi all. I have a queue called Sales with the following group rights: Everyone: CreateTicket ReplyToTicket SeeQueue Sales: ModifyTicket OwnTicket ReplyToTicket ShowOutgoingEmail ShowTicket ShowTicketComments StealTicket TakeTicket Watch WatchAsAdminCc However, users in the Sales *and* Everyone groups still can't see the queue. What am I missing? David Smithson -- ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
RE: [rt-users] Permissions Problem
Now, I don't really need Everyone to have the See Queue right, so if I assign that right to Sales, all users in the Sales group can see the queue. I guess I'm curious as to why the Everyone rights aren't inherited here by users who are members of the Everyone group in this case. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Smithson Sent: Tuesday, August 01, 2006 2:38 PM To: RT-List Users Subject: [rt-users] Permissions Problem Hi all. I have a queue called Sales with the following group rights: Everyone: CreateTicket ReplyToTicket SeeQueue Sales: ModifyTicket OwnTicket ReplyToTicket ShowOutgoingEmail ShowTicket ShowTicketComments StealTicket TakeTicket Watch WatchAsAdminCc However, users in the Sales *and* Everyone groups still can't see the queue. What am I missing? David Smithson -- ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
[rt-users] permissions of RT_System
Hello, I am trying to set a custom field based on an incoming mail. Part of the code looks like this: my $CF_Obj = RT::CustomField-new($RT::SystemUser); my $cf_name = Skill; $CF_Obj-LoadByName( Name = $cf_name, Queue = '0',); my ($retcode, $msg) = $CF_Obj-AddValueForObject( Object = $self-TicketObj, Content = $cf_value, ); $RT::Logger-debug(Return code [$retcode] Msg [$msg]\n); The scrip gets executed, however the custom field wont be set, because the permission is denied. The user is RT_System, but I cant seem to find where I can set the ModifyCustomField right for this user. Can someone please help me? Thanks, Alain Sips ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html