[rt-users] Permissions for Queue Admins

[Tim Gustafson]

Hi,

Our RT installation has recently had a large influx of new queues and
groups, and I'd like to delegate some of the day-to-day maintenance of
things to certain people within those groups so that I'm not doing
data entry for everyone.

For each logical group of folks, I've created an "Admins" group, for
example: "Engineering RT Admins", "Humanities RT Admins" and so on.

In global rights, I've given that group access to "Show Admin Menu",
"View Scrips" and "View Scrip Templates" and "Allow writing Perl code
in templates, scrips, etc".

For each engineering queue, I've given that group full control - all
boxes are checked in the queue configuration under "group rights" for
that queue, primarily so they can modify their scrips and templates.

For each engineering group, I've given that group full control as
well, so that they can add and remove members as needed.

My question has a few parts:

1. Are there any other "global" rights that I should be assigning
these folks?  Are there any dangers/pitfalls to consider in this kind
of configuration?

2. Is there any way to trim down the "Admin" menu so that it only
shows things that the person has access to?

3. On the admin pages that list groups and queues, the system
paginates as though the user can see all 100 or so queues and groups,
but they have to go to page 3 to get see their queues/groups; pages 1
and 2 show up in the pager, but have no content, as the users don't
have access to queues/groups displayed on those pages.  Can this be
cleaned up so that the system only paginates for the queues and groups
that the user has access to?

4. Is it possible to give someone the ability to edit a queue's scrips
and templates without also allowing them to edit everything else about
the queue?  Changing queue names breaks our sendmail configuration, so
I'd like to prevent them from doing that if at all possible.

5. Is there anything else I should be tracking while delegating this
sort of access to other folks?

-- 

Tim Gustafson
t...@ucsc.edu
831-459-5354
Baskin Engineering, Room 313A

Re: [rt-users] Permissions on Customfield for CommandByEmail

[Woody - Wild Thing Safaris]

pls ignore. those CF's are not the ones needing updating. something else 
is up



On 09/12/16 20:49, Woody - Wild Thing Safaris wrote:

HI All,

I'm trying to set a custom field on create using the headers

X-RT-Command: CF.{PNR}: 12345678

X-RT-Command: CF.{Surname}: Bloggs

logs show:

[7552] [Fri Dec  9 17:35:30 2016] [debug]: Got command 
customfield{pnr} => 12345678 
(/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383)
[7552] [Fri Dec  9 17:35:30 2016] [debug]: Got command 
customfield{surname} => Bloggs 
(/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383)
[7552] [Fri Dec  9 17:35:31 2016] [debug]: Permission denied. User 
#469290 has no SeeCustomField right on CF #37 
(/var/www/sxxx/sbin/../lib/RT/CustomField.pm:1053)
[7552] [Fri Dec  9 17:35:31 2016] [debug]: Permission denied. User 
#469290 has no SeeCustomField right on CF #83 
(/var/www/xxx/sbin/../lib/RT/CustomField.pm:1053)


i actually want to "set initial value" for the custom field

i have granted "Everyone" the SeeCustomField and ModifyCustomField 
right for both fields.


I have also granted "SeeCustomField" and "ModifyCustomField" to 
Everyone for the Queue.


Is there a higher ranking right that i need for that right to exist? 
or is there a "set initial value" right somewhere?


thanks, as always, in advance

w.




--

---

Richard Wood (Woody)
Managing Director
Wild Thing Safaris Ltd.

UK: 2B Habbo St, Greenwich, London
Dar es Salaam: 5 Ethan St, Mbezi beach
Arusha: 3 Ebeneezer Rd, Njiro
PO BOX 34514 DSM
Office: +255 (0) 222 617 166
Office Mobile: +255 (0) 773 503 502
Direct: +255 742 373 327
Skype: woody1tz
http://wildthingsafaris.com

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

[rt-users] Permissions on Customfield for CommandByEmail

[Woody - Wild Thing Safaris]

HI All,

I'm trying to set a custom field on create using the headers

X-RT-Command: CF.{PNR}: 12345678

X-RT-Command: CF.{Surname}: Bloggs

logs show:

[7552] [Fri Dec  9 17:35:30 2016] [debug]: Got command customfield{pnr} 
=> 12345678 
(/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383)
[7552] [Fri Dec  9 17:35:30 2016] [debug]: Got command 
customfield{surname} => Bloggs 
(/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383)
[7552] [Fri Dec  9 17:35:31 2016] [debug]: Permission denied. User 
#469290 has no SeeCustomField right on CF #37 
(/var/www/sxxx/sbin/../lib/RT/CustomField.pm:1053)
[7552] [Fri Dec  9 17:35:31 2016] [debug]: Permission denied. User 
#469290 has no SeeCustomField right on CF #83 
(/var/www/xxx/sbin/../lib/RT/CustomField.pm:1053)


i actually want to "set initial value" for the custom field

i have granted "Everyone" the SeeCustomField and ModifyCustomField right 
for both fields.


I have also granted "SeeCustomField" and "ModifyCustomField" to Everyone 
for the Queue.


Is there a higher ranking right that i need for that right to exist? or 
is there a "set initial value" right somewhere?


thanks, as always, in advance

w.


--

---

Richard Wood (Woody)
Managing Director
Wild Thing Safaris Ltd.

UK: 2B Habbo St, Greenwich, London
Dar es Salaam: 5 Ethan St, Mbezi beach
Arusha: 3 Ebeneezer Rd, Njiro
PO BOX 34514 DSM
Office: +255 (0) 222 617 166
Office Mobile: +255 (0) 773 503 502
Direct: +255 742 373 327
Skype: woody1tz
http://wildthingsafaris.com

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Permissions to let a user administer a queue

[fleon]

I added the ShowACL and ModifyAcl permissions to the admincc, even tried
assigning them to the user manually, even as a global right, but still i
can't see the system groups.



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58622.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-- 
RT Training November 4  5 Los Angeles
http://bestpractical.com/training

Re: [rt-users] Permissions to let a user administer a queue

[fleon]

Finally resolved it. I decided to turn on all rights to the user on a
global level and turning them off one by one.
Turns out i had to enable SeeQueue as a global right.
I am thinking unprivileged, privileged, everyone are internal groups
therefore i needed the permission.

However, now the user can see any group and know the group's members, but he
can't mess with the other group. That's not what i want, however i can live
with it, and i can sort of understand why it works this way. You need to
view every group in order to assign them permissions.

For me it would have made for sense for the admincc to be able to do
everything with a queue without requiring a global right. Users shouldn't be
able to know which users are inside a group, and i can't see a way to deny
outside users this right from the other group itself.

So, to recap, here is what i did:
-Assign a specific user ShowConfigTab and SeeQueue
-Add group A to queue A and grant all permissions in that queue for that
group.

I hope this helps someone, but i am hoping my solution is actually wrong and
there's a better way to do this, but i can't see it. After all, i needed to
enable just 2 permissions to fix my issue.



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58623.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-- 
RT Training November 4  5 Los Angeles
http://bestpractical.com/training

Re: [rt-users] Permissions to let a user administer a queue

[Kevin Falcone]

On Fri, Sep 26, 2014 at 06:12:13AM -0700, fleon wrote:
 Turns out i had to enable SeeQueue as a global right.
 I am thinking unprivileged, privileged, everyone are internal groups
 therefore i needed the permission.

SeeQueue or SeeGroup?
If you really fixed this with SeeQueue, then your complaint is very
confusing to me.

You should file a feature request to make the
Everyone/Privileged/Unprivileged and Role groups visible on Queue
rights pages for Queue admins (users without SuperUser).

-kevin


pgpvkxEbflAMi.pgp
Description: PGP signature
-- 
RT Training November 4  5 Los Angeles
http://bestpractical.com/training

Re: [rt-users] Permissions to let a user administer a queue

[fleon]

I am very sorry, you are right, i had to enable SeeGroup.

I am glad that you see that this can be improved. I filed bug 30416.
http://issues.bestpractical.com/Ticket/Display.html?id=30416



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58629.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-- 
RT Training November 4  5 Los Angeles
http://bestpractical.com/training

[rt-users] Permissions to let a user administer a queue

[fleon]

Hello, i am having a hard time setting permissions correctly. I have a queue
for the development guys, created a group for the developers to join.

I want one of those developers to have rights to administer everything
relating to that queue. So i added the user to the group, gave permissions
to the group and gave the specific user adminqueue

The problem is that when the user logs in he doesn't have any way to admin
the queue.

I searched the forum and one guy had the same problem, and it was suggested
to make an admin group and gave that group  ShowConfigTab, but if i give
that permission then they can see every option in the admin menu, the name
of all queues and a bunch of other things they shouldn't have.

So far, i added every permission to the user i want both in the group and in
the queue.

I just want the queue to be administered by one user, and that user to also
be able to add /remove people from the group that was created to handle the
tickets in that queue.

Can someone help? Thanks in advance



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-- 
RT Training November 4  5 Los Angeles
http://bestpractical.com/training

Re: [rt-users] Permissions to let a user administer a queue

[fleon]

i decided to enable ShowConfigTab and then revoke all rights on the
privileged group to the other queue. That other queue only has rights for
requesters and users of their own group.
So far i think it's working, the user sees all menus but can only see his
queue, can't create or modify other queues (he can't even see them).

He can also add users to the group he belongs to. The only thing missing is
that the system groups are not being shown inside the queue, so he can't set
permissions on them:

System
 Everyone (not shown)
 Privileged (not shown)
 Unprivileged (not shown)
Roles
 AdminCc (not shown)
 Cc (not shown)
 Owner (not shown)
 Requestor (not shown)

He only sees his group belonging to his queue. What i am missing so he can
set the permissions to the system and role groups?



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58613.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-- 
RT Training November 4  5 Los Angeles
http://bestpractical.com/training

Re: [rt-users] Permissions Questions

[Kenneth Crocker]

Ray,

Yep. It also depends on where you saved those group searches and the
Group permissipns you gave to members of those groups. Group permissions
are different than Queue/Ticket permissions.

For example, you could give members of Group 2 the rights to see/modify,
load, etc Group2 searches but NOT give those rights to members of the other
groups. Then Ray, being a member of all 3 groups, would only see the
searches saved under Group2.

If those searches are all the same, then you could save those searches are
RT Global searches and NOT saved as Group searches and then Ray would only
see them once.

It really boils down to how you have your Queues and Groups set up. If you
segregate enough, you can create groups that are combinations of other
groups and then grant rights appropriately. There's all kindsof
configurations you can play with if you set up the Queues/Groups
relationships correctly.

I could answer more definitively if I knew what groups need to see what
information in what Queues. The kinds of overlaps in information and
searches, etc.

Hope this helps.

Kenn

On Wed, Feb 20, 2013 at 7:25 AM, Raymond Corbett 
raymond.corb...@arcproductions.com wrote:

  Hello all. 

 ** **

 Great system.  Slowly I am getting my head around permissions.  However I
 have a problem with this situation:

 ** **

 I have a User:  Ray

 ** **

 Ray is a member of 3 groups:

 **· **Group Q1

 **· **Group Q2

 **· **Group Q3

 ** **

 These Groups all watch the following Queues:

 **· **Q1

 **· **Q2

 **· **Q3

 ** **

 Each of these Queues have saved searches associated with them. 

 ** **

 I now want a Dashboard, let’s say it will be called  Ray’s Q2 Dashboard. *
 ***

 ** **

 I want to see the saved searches portal here but I would like it to show
 only  the Q2  saved searches. 

 ** **

 Since Ray watches all three queues, I find that I am getting the Save
 Searches showing for all the 3 Queues. 

 ** **

 Possible to do with the correct Permission settings?

 ** **

 ** **

 ** **

 [image: ARC] http://www.arcproductions.com/

 *Ray Corbett  Technology Projects Manager**

 p:** **416.682.5200 x5232  | f: 416.682.5209
 Arc Productions Ltd. | 230 Richmond Street East | Toronto, ON M5A 1P4
 www.arcproductions.com* 

  

 ** **



 --
 RT training in Amsterdam, March 20-21:
 http://bestpractical.com/services/training.html

 Help improve RT by taking our user survey:
 https://www.surveymonkey.com/s/N23JW9T

image001.gif

-- 
RT training in Amsterdam, March 20-21: 
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

[rt-users] Permissions

[Josh Hopkins]

How do you restrict a user from seeing a specific queue even exists?  How do 
you restrict a privileged account from seeing anything other than the tickets 
they have requested?

Re: [rt-users] Permissions

[Kenneth Crocker]

Josh,

For Queues, don't grant any permissions for Queues at the Global level.
Grant them for Roles or User-defined groups.

for restricting privileged users from seeing tickets they have NOT
requested, then grant ShowTicket to the Role of Requestor, either for a
specific Queue or GLobally, if you want that kind of restriction applied
globally.

These answers are found in a couple RT books. Try to get them and read
them. Like reading an owners manual for a complicated piece of machinery.

Hope this helps.

Kenn

On Tue, Aug 28, 2012 at 10:00 AM, Josh Hopkins j...@prorivertech.comwrote:

 How do you restrict a user from seeing a specific queue even exists?  How
 do you restrict a privileged account from seeing anything other than the
 tickets they have requested?

[rt-users] Permissions in RT 4.0.6

[Max McGrath]

Hi All -

Looking at the new permissions (rights) screen in 4.0.6 and it looks really
good!  Although it has me a little confused.  It looks like on any rights
page i see General Rights, Rights for Staff, and Rights for
Administrators.  What deems someone staff and/or administrators and
who does General rights get applies to?

Thanks!
--
Max McGrath
Network Administrator
Carthage College
262-552-5512
mmcgr...@carthage.edu

Re: [rt-users] Permissions in RT 4.0.6

[Ruslan Zakirov]

On Fri, Jun 8, 2012 at 7:51 PM, Max McGrath mmcgr...@carthage.edu wrote:
 Hi All -

 Looking at the new permissions (rights) screen in 4.0.6 and it looks really
 good!  Although it has me a little confused.  It looks like on any rights
 page i see General Rights, Rights for Staff, and Rights for
 Administrators.  What deems someone staff and/or administrators and who
 does General rights get applies to?

These are just grouping of the rights into groups. Rights usually
granted to Staff, to administrators and rights general enough to be
granted to anybody.

 Thanks!
 --
 Max McGrath
 Network Administrator
 Carthage College
 262-552-5512
 mmcgr...@carthage.edu



-- 
Best regards, Ruslan.

[rt-users] permissions in v4 versus v3.8.7

[Poulter, Dale]

Greetings,

We are working towards migrating our RT installation from v3.8.7 to v4.0.4, but 
have encountered an issue with permissions.  We have a queue(maintenance) that 
gets many requests daily and often fills up the Newest Unowned section of the 
RT at a Glance.  In v3.8.7 we were able to give everyone create ticket rights 
to the maintenance queue but not view rights.  This resulted in everyone being 
able to submit to the maintenance queue but not see the unowned tickets.  In 
version 4 I have the same settings but the unowned tickets are showing even if 
the view queue is not selected.  Is this still possible in version 4? Am I 
missing something obvious?  Thanks.


--Dale

---
Dale Poulter
Automation Coordinator
Library Information Technology Services
Vanderbilt University
419 21st Avenue South, Room 812
Nashville, TN  37203-2427
(615)343-5388
(615)343-8834 (fax)
(615)207-9705 (cell)
dale.poul...@vanderbilt.edumailto:dale.poul...@vanderbilt.edu


RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] permissions in v4 versus v3.8.7

[Thomas Sibley]

On 01/04/2012 04:07 PM, Poulter, Dale wrote:
 In version 4 I have the same settings but the unowned tickets are
 showing even if the “view queue” is not selected.  Is this still
 possible in version 4? Am I missing something obvious?  Thanks.

I'm betting you don't actually have the same rights setup.  View Queue
is SeeQueue, and that only controls the visibility of the queue _name_.
 ShowTicket is the right that lets people see tickets in a queue.  You
probably have it granted too widely.

Thomas

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] permissions in v4 versus v3.8.7

[Poulter, Dale]

Thanks for the help.  This did seem to correct the issue, strange though that 
it worked in 3.8.7.

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: Wednesday, January 04, 2012 3:13 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] permissions in v4 versus v3.8.7

On 01/04/2012 04:07 PM, Poulter, Dale wrote:
 In version 4 I have the same settings but the unowned tickets are 
 showing even if the “view queue” is not selected.  Is this still 
 possible in version 4? Am I missing something obvious?  Thanks.

I'm betting you don't actually have the same rights setup.  View Queue
is SeeQueue, and that only controls the visibility of the queue _name_.
 ShowTicket is the right that lets people see tickets in a queue.  You probably 
have it granted too widely.

Thomas

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] Permissions question

[mjames]

I figured out what I was doing wrong. Thanks, Kenn.

From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kenneth Crocker
Sent: Friday, November 25, 2011 5:25 PM
To: RT User List
Subject: Re: [rt-users] Permissions question

Mike,

I'm not sure what you mean by logged in as a GROUP member. You log in as a 
User and you are either in a group or you are not.

The thing about saved searches is this; all groups have rights associated with 
them, giving members certain rights that pertain to any searches saved under 
that group. If you are a member of that group, you will have those rights.

You should look at what groups you are a member of (go to 
Tools-Config-Users-memberships) and then look at what rights are given to 
members of those groups.

That'll do for a start.

hope this helps.

Kenn
On Fri, Nov 25, 2011 at 12:19 PM, 
mja...@guesswho.commailto:mja...@guesswho.com wrote:
The next question about permissions. I've given my NetOps user group global 
rights to CreateSavedSearch, LoadSavedSearch, ShowSavedSearches, and 
EditSavedSearches. Still, when I log on to RT (4.0.4) as a group member and go 
to Tickets - New Search and select NetOps's Saved Searches in the Privacy 
dropdown, none of the saved searches show in the Load dropdown.

I must be partway there, because under Logged in as mjames - Settings - Saved 
Searches, I can see the NetOps saved search. I can't load it or run it from 
there, however.  What am I missing?

Mike

From: 
rt-users-boun...@lists.bestpractical.commailto:rt-users-boun...@lists.bestpractical.com
 
[mailto:rt-users-boun...@lists.bestpractical.commailto:rt-users-boun...@lists.bestpractical.com]
 On Behalf Of mja...@guesswho.commailto:mja...@guesswho.com
Sent: Friday, November 25, 2011 10:29 AM
To: rt-users@lists.bestpractical.commailto:rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Permissions question

Thanks, Kenn. That worked.

From: 
rt-users-boun...@lists.bestpractical.commailto:rt-users-boun...@lists.bestpractical.com
 
[mailto:rt-users-boun...@lists.bestpractical.com]mailto:[mailto:rt-users-boun...@lists.bestpractical.com]
 On Behalf Of Kenneth Crocker
Sent: Wednesday, November 23, 2011 4:28 PM
To: RT User List
Subject: Re: [rt-users] Permissions question

Mike,

The correct navigation would be Tools-Config-Global-Group Rights where you 
then pick a system group, role, or add a User-defined Group.

Kenn
On Wed, Nov 23, 2011 at 1:17 PM, 
mja...@guesswho.commailto:mja...@guesswho.com wrote:
RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As 
root, I went to Tools..Configuration..Groups and selected my group. I tried 
different combinations of Group and User Rights, but still the group members 
can't see/create/delete Saved Searches.

Also, when logged in as a group member, I don't see the About Me item under 
Logged in as Mike.  Still wrapping my head around rights in v4.0.x

Mike


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain - November 28  29, 2011



RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain - November 28  29, 2011


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain — November 28  29, 2011

Re: [rt-users] Permissions question

[mjames]

Thanks, Kenn. That worked.

From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kenneth Crocker
Sent: Wednesday, November 23, 2011 4:28 PM
To: RT User List
Subject: Re: [rt-users] Permissions question

Mike,

The correct navigation would be Tools-Config-Global-Group Rights where you 
then pick a system group, role, or add a User-defined Group.

Kenn
On Wed, Nov 23, 2011 at 1:17 PM, 
mja...@guesswho.commailto:mja...@guesswho.com wrote:
RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As 
root, I went to Tools..Configuration..Groups and selected my group. I tried 
different combinations of Group and User Rights, but still the group members 
can't see/create/delete Saved Searches.

Also, when logged in as a group member, I don't see the About Me item under 
Logged in as Mike.  Still wrapping my head around rights in v4.0.x

Mike


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain - November 28  29, 2011


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain — November 28  29, 2011

Re: [rt-users] Permissions question

[mjames]

The next question about permissions. I've given my NetOps user group global 
rights to CreateSavedSearch, LoadSavedSearch, ShowSavedSearches, and 
EditSavedSearches. Still, when I log on to RT (4.0.4) as a group member and go 
to Tickets - New Search and select NetOps's Saved Searches in the Privacy 
dropdown, none of the saved searches show in the Load dropdown.

I must be partway there, because under Logged in as mjames - Settings - Saved 
Searches, I can see the NetOps saved search. I can't load it or run it from 
there, however.  What am I missing?

Mike

From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of 
mja...@guesswho.com
Sent: Friday, November 25, 2011 10:29 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Permissions question

Thanks, Kenn. That worked.

From: 
rt-users-boun...@lists.bestpractical.commailto:rt-users-boun...@lists.bestpractical.com
 
[mailto:rt-users-boun...@lists.bestpractical.com]mailto:[mailto:rt-users-boun...@lists.bestpractical.com]
 On Behalf Of Kenneth Crocker
Sent: Wednesday, November 23, 2011 4:28 PM
To: RT User List
Subject: Re: [rt-users] Permissions question

Mike,

The correct navigation would be Tools-Config-Global-Group Rights where you 
then pick a system group, role, or add a User-defined Group.

Kenn
On Wed, Nov 23, 2011 at 1:17 PM, 
mja...@guesswho.commailto:mja...@guesswho.com wrote:
RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As 
root, I went to Tools..Configuration..Groups and selected my group. I tried 
different combinations of Group and User Rights, but still the group members 
can't see/create/delete Saved Searches.

Also, when logged in as a group member, I don't see the About Me item under 
Logged in as Mike.  Still wrapping my head around rights in v4.0.x

Mike


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain - November 28  29, 2011


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain — November 28  29, 2011

Re: [rt-users] Permissions question

[Kenneth Crocker]

Mike,

I'm not sure what you mean by logged in as a GROUP member. You log in as
a User and you are either in a group or you are not.

The thing about saved searches is this; all groups have rights associated
with them, giving members certain rights that pertain to any searches saved
under that group. If you are a member of that group, you will have those
rights.

You should look at what groups you are a member of (go to
Tools-Config-Users-memberships) and then look at what rights are given
to members of those groups.

That'll do for a start.

hope this helps.

Kenn

On Fri, Nov 25, 2011 at 12:19 PM, mja...@guesswho.com wrote:

 The next question about permissions. I’ve given my NetOps user group
 global rights to CreateSavedSearch, LoadSavedSearch, ShowSavedSearches, and
 EditSavedSearches. Still, when I log on to RT (4.0.4) as a group member and
 go to Tickets - New Search and select “NetOps’s Saved Searches” in the
 Privacy dropdown, none of the saved searches show in the Load dropdown. **
 **

 ** **

 I must be partway there, because under Logged in as mjames - Settings -
 Saved Searches, I can see the NetOps saved search. I can’t load it or run
 it from there, however.  What am I missing?

 ** **

 Mike

 ** **

 *From:* rt-users-boun...@lists.bestpractical.com [mailto:
 rt-users-boun...@lists.bestpractical.com] *On Behalf Of *
 mja...@guesswho.com
 *Sent:* Friday, November 25, 2011 10:29 AM
 *To:* rt-users@lists.bestpractical.com
 *Subject:* Re: [rt-users] Permissions question

 ** **

 Thanks, Kenn. That worked.

 ** **

 *From:* rt-users-boun...@lists.bestpractical.com
 [mailto:rt-users-boun...@lists.bestpractical.com] *On Behalf Of *Kenneth
 Crocker
 *Sent:* Wednesday, November 23, 2011 4:28 PM
 *To:* RT User List
 *Subject:* Re: [rt-users] Permissions question

 ** **

 Mike,

 The correct navigation would be Tools-Config-Global-Group Rights where
 you then pick a system group, role, or add a User-defined Group.

 Kenn

 On Wed, Nov 23, 2011 at 1:17 PM, mja...@guesswho.com wrote:

 RT 4.0.4 How do I give a group rights to create/delete/view Saved
 Searches? As root, I went to Tools..Configuration..Groups and selected my
 group. I tried different combinations of Group and User Rights, but still
 the group members can’t see/create/delete Saved Searches.

  

 Also, when logged in as a group member, I don’t see the “About Me” item
 under “Logged in as Mike”.  Still wrapping my head around rights in v4.0.x
 

  

 Mike


 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 *  Barcelona, Spain — November 28  29, 2011

 ** **

 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 *  Barcelona, Spain — November 28  29, 2011


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain — November 28  29, 2011

[rt-users] Permissions question

[mjames]

RT 4.0.4 How do I give a group rights to create/delete/view Saved Searches? As 
root, I went to Tools..Configuration..Groups and selected my group. I tried 
different combinations of Group and User Rights, but still the group members 
can't see/create/delete Saved Searches.

Also, when logged in as a group member, I don't see the About Me item under 
Logged in as Mike.  Still wrapping my head around rights in v4.0.x

Mike

RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain — November 28  29, 2011

Re: [rt-users] Permissions question

[Kenneth Crocker]

Mike,

The correct navigation would be Tools-Config-Global-Group Rights where
you then pick a system group, role, or add a User-defined Group.

Kenn

On Wed, Nov 23, 2011 at 1:17 PM, mja...@guesswho.com wrote:

 RT 4.0.4 How do I give a group rights to create/delete/view Saved
 Searches? As root, I went to Tools..Configuration..Groups and selected my
 group. I tried different combinations of Group and User Rights, but still
 the group members can’t see/create/delete Saved Searches.

 ** **

 Also, when logged in as a group member, I don’t see the “About Me” item
 under “Logged in as Mike”.  Still wrapping my head around rights in v4.0.x
 

 ** **

 Mike

 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 *  Barcelona, Spain — November 28  29, 2011


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain — November 28  29, 2011

Re: [rt-users] Permissions problem. Cannot view queues/tickets or make changes to config as super user

[Ruslan Zakirov]

http://requesttracker.wikia.com/wiki/RecoverSuperUserRights

Regards, Ruslan. From phone.
02.09.2011 0:18 пользователь josh.cole josh.c...@fresno.edu написал:

 Roy,

 I very much appreciate your response, especially considering it must have
 been a careless mistake that
 I made that put me in this position. Thanks so much.



 Raed El-Hames-4 wrote:

 Josh,

 As far as I know your only fix is through the database directly.
 Login in to your RT database and

 select id from Users where Name = 'root'; #on my system the id of root ==
 12

 select id from Groups where Name = 'User 12'; #on my system this id = 13

 select id from Principals where ObjectId = 13 and PrincipalType =
'Group';
 #most likely this should be the same as above in my case 13

 select * from ACL where PrincipalId = 13 and PrincipalType = 'Group';
 #This should return a row with

++---+-+---++--+-+---+
 | id | PrincipalType | PrincipalId | RightName | ObjectType | ObjectId |
 DelegatedBy | DelegatedFrom |

++---+-+---++--+-+---+
 | 3 | Group | 13 | SuperUser | RT::System | 1 |
 0 | 0 |

++---+-+---++--+-+---+

 But in your case most likely it wont , so you will need to insert a new
 row into your ACL table to match the above.
 (Remember that the id field is auto increment so you don't include it in
 your insert statement).

 Hope that helps;

 Regards;
 Roy


 Visit our website today www.daisygroupplc.com

 Registered Office: Daisy House, Lindred Road Business Park, Nelson,
 Lancashire BB9 5SR
 Company Registration Number: 4145329 | VAT Number: 722471355
 Daisy Communications Limited is a company registered in England and
Wales.
 DISCLAIMER

 This email (including any attachments) is strictly confidential and may
 also be legally privileged. If the recipient has received this email in
 error please notify the sender and do not read, print, re-transmit, store
 or act in reliance on the email or its attachments and immediately delete
 this email and its attachments from the recipient's system. Daisy
 Communications Limited cannot accept liability for any breaches of
 confidence arising through use of email. Employees of Daisy
Communications
 Limited are expressly required not to make any defamatory statements and
 not to infringe or authorise any infringement of copyright or any other
 legal right by email communications. Any such communication is contrary
to
 the company's policy and outside the scope of the employment of the
 individual concerned. Daisy Communications Limited will not accept any
 liability in respect of such a communication, and the employee
responsible
 will be personally liable for any damages or other liabi
 lity arising.

 If you are the intended recipient of this email please ensure that
neither
 the email nor any attachments are copied to third parties outside your
 organisation or saved without the written permission of the sender. In
 the event of any unauthorised copying or forwarding, the recipient will
be
 required to indemnify Daisy Communications Limited against any claim for
 loss or damage caused by any viruses or otherwise.

 WARNING: Computer viruses can be transmitted by email. The recipient
 should check this email and any attachments for the presence of viruses.
 Daisy Communications Limited accepts no liability for any damage caused
by
 any virus transmitted by this email or any attachments.
 NOTICE TO CUSTOMERS
 If you have ordered a telephone number from Daisy Communications Limited
 (non-geographic or new line installation) please do NOT arrange for any
 form of advertising until the number is live and tested.


 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
 boun...@lists.bestpractical.com] On Behalf Of josh.cole
 Sent: 01 September 2011 00:29
 To: rt-users@lists.bestpractical.com
 Subject: [rt-users] Permissions problem. Cannot view queues/tickets or
 make changes to config as super user


 Permissions problem. Cannot view queues/tickets or make changes to
config
 as
 super user. I am logging in as root. Not sure what I did to cause this
 problem but if anyone is willing to tell me how to resolve this problem
 that
 would be great.

 -Josh
 --
 View this message in context:
http://old.nabble.com/Permissions-problem.-
 Cannot-view-queues-tickets-or-make-changes-to-config-as-super-user-
 tp32376364p32376364.html
 Sent from the Request Tracker - User mailing list archive at Nabble.com.

 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 * Chicago, IL, USA September 26  27, 2011
 * San Francisco, CA, USA October 18  19, 2011
 * Washington DC, USA October 31  November 1, 2011
 * Melbourne VIC, Australia November 28  29, 2011
 * Barcelona, Spain November 28  29, 2011

 
 RT

Re: [rt-users] Permissions problem. Cannot view queues/tickets or make changes to config as super user

[Raed El-Hames]

Josh,

As far as I know your only fix is through the database directly.
Login in to your RT database and

select id from Users where Name = 'root';  #on my system the id of root == 12

select id from Groups where Name = 'User 12'; #on my system this id = 13

select id from Principals where ObjectId = 13 and PrincipalType = 'Group'; 
#most likely this should be the same as above in my case 13

select * from ACL where PrincipalId = 13 and PrincipalType = 'Group'; #This 
should return a row with
++---+-+---++--+-+---+
| id | PrincipalType | PrincipalId | RightName | ObjectType | ObjectId | 
DelegatedBy | DelegatedFrom |
++---+-+---++--+-+---+
|  3 | Group |  13 | SuperUser | RT::System |1 |
   0 | 0 |
++---+-+---++--+-+---+

But in your case most likely it wont , so you will need to insert a new row 
into your ACL table to match the above.
(Remember that the id field is auto increment so you don't include it in your 
insert statement).

Hope that helps;

Regards;
Roy


Visit our website today www.daisygroupplc.com

Registered Office: Daisy House, Lindred Road Business Park, Nelson, Lancashire 
BB9 5SR
Company Registration Number: 4145329 |   VAT Number: 722471355
Daisy Communications Limited is a company registered in England and Wales.
DISCLAIMER

This email (including any attachments) is strictly confidential and may also be 
legally privileged. If the recipient has received this email in error please 
notify the sender and do not read, print, re-transmit, store or act in reliance 
on the email or its attachments and immediately delete this email and its 
attachments from the recipient's system. Daisy Communications Limited cannot 
accept liability for any breaches of confidence arising through use of email. 
Employees of Daisy Communications Limited are expressly required not to make 
any defamatory statements and not to infringe or authorise any infringement of 
copyright or any other legal right by email communications. Any such 
communication is contrary to the company's policy and outside the scope of the 
employment of the individual concerned. Daisy Communications Limited will not 
accept any liability in respect of such a communication, and the employee 
responsible will be personally liable for any damages or other liabi
 lity arising.

If you are the intended recipient of this email please ensure that neither the 
email nor any attachments are copied to third parties outside your organisation 
or saved without the written permission of the sender.  In the event of any 
unauthorised copying or forwarding, the recipient will be required to indemnify 
Daisy Communications Limited against any claim for loss or damage caused by any 
viruses or otherwise.

WARNING: Computer viruses can be transmitted by email. The recipient should 
check this email and any attachments for the presence of viruses. Daisy 
Communications Limited accepts no liability for any damage caused by any virus 
transmitted by this email or any attachments.
NOTICE TO CUSTOMERS
If you have ordered a telephone number from Daisy Communications Limited 
(non-geographic or new line installation) please do NOT arrange for any form of 
advertising until the number is live and tested.


-Original Message-
 From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
 boun...@lists.bestpractical.com] On Behalf Of josh.cole
 Sent: 01 September 2011 00:29
 To: rt-users@lists.bestpractical.com
 Subject: [rt-users] Permissions problem. Cannot view queues/tickets or
 make changes to config as super user


 Permissions problem. Cannot view queues/tickets or make changes to config
 as
 super user. I am logging in as root. Not sure what I did to cause this
 problem but if anyone is willing to tell me how to resolve this problem
 that
 would be great.

 -Josh
 --
 View this message in context: http://old.nabble.com/Permissions-problem.-
 Cannot-view-queues-tickets-or-make-changes-to-config-as-super-user-
 tp32376364p32376364.html
 Sent from the Request Tracker - User mailing list archive at Nabble.com.

 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 *  Chicago, IL, USA  September 26  27, 2011
 *  San Francisco, CA, USA  October 18  19, 2011
 *  Washington DC, USA  October 31  November 1, 2011
 *  Melbourne VIC, Australia  November 28  29, 2011
 *  Barcelona, Spain  November 28  29, 2011


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Chicago, IL, USA  September 26  27, 2011
*  San Francisco, CA, USA  October 18  19, 2011
*  Washington DC, USA  October 31  November 1, 2011
*  Melbourne VIC, Australia  November 28  29, 2011
*  Barcelona, Spain  November 28  29, 2011

Re: [rt-users] Permissions problem. Cannot view queues/tickets or make changes to config as super user

[josh.cole]

Roy, 

I very much appreciate your response, especially considering it must have
been a careless mistake that 
I made that put me in this position. Thanks so much. 



Raed El-Hames-4 wrote:
 
 Josh,
 
 As far as I know your only fix is through the database directly.
 Login in to your RT database and
 
 select id from Users where Name = 'root';  #on my system the id of root ==
 12
 
 select id from Groups where Name = 'User 12'; #on my system this id = 13
 
 select id from Principals where ObjectId = 13 and PrincipalType = 'Group';
 #most likely this should be the same as above in my case 13
 
 select * from ACL where PrincipalId = 13 and PrincipalType = 'Group';
 #This should return a row with
 ++---+-+---++--+-+---+
 | id | PrincipalType | PrincipalId | RightName | ObjectType | ObjectId |
 DelegatedBy | DelegatedFrom |
 ++---+-+---++--+-+---+
 |  3 | Group |  13 | SuperUser | RT::System |1 |  
 
 0 | 0 |
 ++---+-+---++--+-+---+
 
 But in your case most likely it wont , so you will need to insert a new
 row into your ACL table to match the above.
 (Remember that the id field is auto increment so you don't include it in
 your insert statement).
 
 Hope that helps;
 
 Regards;
 Roy
 

 Visit our website today www.daisygroupplc.com
 
 Registered Office: Daisy House, Lindred Road Business Park, Nelson,
 Lancashire BB9 5SR
 Company Registration Number: 4145329 |   VAT Number: 722471355
 Daisy Communications Limited is a company registered in England and Wales.
 DISCLAIMER
 
 This email (including any attachments) is strictly confidential and may
 also be legally privileged. If the recipient has received this email in
 error please notify the sender and do not read, print, re-transmit, store
 or act in reliance on the email or its attachments and immediately delete
 this email and its attachments from the recipient's system. Daisy
 Communications Limited cannot accept liability for any breaches of
 confidence arising through use of email. Employees of Daisy Communications
 Limited are expressly required not to make any defamatory statements and
 not to infringe or authorise any infringement of copyright or any other
 legal right by email communications. Any such communication is contrary to
 the company's policy and outside the scope of the employment of the
 individual concerned. Daisy Communications Limited will not accept any
 liability in respect of such a communication, and the employee responsible
 will be personally liable for any damages or other liabi
  lity arising.
 
 If you are the intended recipient of this email please ensure that neither
 the email nor any attachments are copied to third parties outside your
 organisation or saved without the written permission of the sender.  In
 the event of any unauthorised copying or forwarding, the recipient will be
 required to indemnify Daisy Communications Limited against any claim for
 loss or damage caused by any viruses or otherwise.
 
 WARNING: Computer viruses can be transmitted by email. The recipient
 should check this email and any attachments for the presence of viruses.
 Daisy Communications Limited accepts no liability for any damage caused by
 any virus transmitted by this email or any attachments.
 NOTICE TO CUSTOMERS
 If you have ordered a telephone number from Daisy Communications Limited
 (non-geographic or new line installation) please do NOT arrange for any
 form of advertising until the number is live and tested.
 
 
 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
 boun...@lists.bestpractical.com] On Behalf Of josh.cole
 Sent: 01 September 2011 00:29
 To: rt-users@lists.bestpractical.com
 Subject: [rt-users] Permissions problem. Cannot view queues/tickets or
 make changes to config as super user


 Permissions problem. Cannot view queues/tickets or make changes to config
 as
 super user. I am logging in as root. Not sure what I did to cause this
 problem but if anyone is willing to tell me how to resolve this problem
 that
 would be great.

 -Josh
 --
 View this message in context: http://old.nabble.com/Permissions-problem.-
 Cannot-view-queues-tickets-or-make-changes-to-config-as-super-user-
 tp32376364p32376364.html
 Sent from the Request Tracker - User mailing list archive at Nabble.com.

 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 *  Chicago, IL, USA  September 26  27, 2011
 *  San Francisco, CA, USA  October 18  19, 2011
 *  Washington DC, USA  October 31  November 1, 2011
 *  Melbourne VIC, Australia  November 28  29, 2011
 *  Barcelona, Spain  November 28  29, 2011
 
 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 *  Chicago, IL

[rt-users] Permissions for saved search on RT at a Glance

[Alister West]

Hi,

I have a new install of RT and would like to change the default 
RT-at-a-Glance for everyone.


I followed the instructions on the wiki here and I have it working for 
the root user.

http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance


I created a 'support' group and added 4 users to that group.
I also created an 'Approvers' group but no-one is in that yet.

I saved my custom query as 'RT System saved searches  My Service Requests'.

In Config  Groups  'Support'  Group Rights
I added 'ShowSavedSearches' to both the 'System Privileged' group and 
the 'User defined - Support' group.


Unfortunately I get the error Predefined search My Service Requests not 
found when logging in as the Support user Phil.



Have I missed something simple with my Permissions settings?


Thanks in advance,

Alister



--
Alister West alis...@gossamer-threads.com
w: http://www.gossamer-threads.com

RT Training in Washington DC, USA on Oct 25  26 2010
Last one this year -- Learn how to get the most out of RT!

Re: [rt-users] Permissions for saved search on RT at a Glance

[Alister West]

I found my Permission setting and now everything works as expected.

It was the global config that I needed to change.

Config  _Global_  Groups  Privileged  ShowSavedSearches.

I have updated the wiki to make this more clear.
http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance


Cheers,

Alister West alis...@gossamer-threads.com



On 10-08-20 10:58 AM, Alister West wrote:


Hi,

I have a new install of RT and would like to change the default
RT-at-a-Glance for everyone.

I followed the instructions on the wiki here and I have it working for
the root user.
http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance


I created a 'support' group and added 4 users to that group.
I also created an 'Approvers' group but no-one is in that yet.

I saved my custom query as 'RT System saved searches  My Service
Requests'.

In Config  Groups  'Support'  Group Rights
I added 'ShowSavedSearches' to both the 'System Privileged' group and
the 'User defined - Support' group.

Unfortunately I get the error Predefined search My Service Requests not
found when logging in as the Support user Phil.


Have I missed something simple with my Permissions settings?


Thanks in advance,

Alister





RT Training in Washington DC, USA on Oct 25  26 2010
Last one this year -- Learn how to get the most out of RT!

Re: [rt-users] Permissions for saved search on RT at a Glance

[Kenneth Crocker]

Alister,

What we did was grant all the Search privileges (Show, Save, Modify,
etc) *Globally
to all Privileged *
Users. This did *NOT* affect Personal Searches. For Groups, it allows those
rights *IF AND ONLY IF* they are a *member of said group*. By doing it this
way, we saved ourselves a *WHOLE BUNCH* of maintenance.

Just a thought on rights management.

Kenn
LBNL

On Fri, Aug 20, 2010 at 11:24 AM, Alister West alis...@gossamer-threads.com
 wrote:


 I found my Permission setting and now everything works as expected.

 It was the global config that I needed to change.

 Config  _Global_  Groups  Privileged  ShowSavedSearches.

 I have updated the wiki to make this more clear.

 http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance


 Cheers,


 Alister West alis...@gossamer-threads.com



 On 10-08-20 10:58 AM, Alister West wrote:


 Hi,

 I have a new install of RT and would like to change the default
 RT-at-a-Glance for everyone.

 I followed the instructions on the wiki here and I have it working for
 the root user.
 http://wiki.bestpractical.com/view/ChangeDefaultRTAtAGlance


 I created a 'support' group and added 4 users to that group.
 I also created an 'Approvers' group but no-one is in that yet.

 I saved my custom query as 'RT System saved searches  My Service
 Requests'.

 In Config  Groups  'Support'  Group Rights
 I added 'ShowSavedSearches' to both the 'System Privileged' group and
 the 'User defined - Support' group.

 Unfortunately I get the error Predefined search My Service Requests not
 found when logging in as the Support user Phil.


 Have I missed something simple with my Permissions settings?


 Thanks in advance,

 Alister




 RT Training in Washington DC, USA on Oct 25  26 2010
 Last one this year -- Learn how to get the most out of RT!


RT Training in Washington DC, USA on Oct 25  26 2010
Last one this year -- Learn how to get the most out of RT!

[rt-users] Permissions question

[David Nalley]

Quick perms question. 
I have a group of users that I would like to restrict the tickets that they can 
see to tickets they are listed as an admincc on. Thus they would get a limited 
view of the queue. Based on my testing this doesn't seem possible, but I 
thought I would at least pose the question. 
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] Permissions by custom field

[Rainer Duffner]

Todd Chapman schrieb:
 It is possible without a special queue, and it's not that hard. :)

   

OK, can you point me to where this is described?
Or describe it yourself?
Because I was looking for it very long in the wiki and couldn't find it ;-)


Best Regards,
Rainer
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] Permissions by custom field

[Todd Chapman]

I described it very early in this thread. Basically:

1. create a group for each customer.
2. create a scrip that assigns that group as a Cc to the ticket when
the ticket is created.
3. give ShowTicket to the Cc role.

On Tue, Jul 15, 2008 at 12:19 PM, Rainer Duffner [EMAIL PROTECTED] wrote:
 Todd Chapman schrieb:

 It is possible without a special queue, and it's not that hard. :)



 OK, can you point me to where this is described?
 Or describe it yourself?
 Because I was looking for it very long in the wiki and couldn't find it ;-)


 Best Regards,
 Rainer

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] Permissions by custom field

[Braam van Heerden]

Kenneth,

Todd Chapman sent some suggestions I will try.   

I will try to be a bit more clear in my problem statement:

We have a single queue called support that handles all tickets from 
various customers we have SLA's with.  For ease of use we decided to 
only use a single queue and not create a queue per customer (as that 
list fluctuates sometimes).  Also, we have certain information on what 
packages our customers offer to their customers, and how this is 
implemented, and all this is bound by NDA's, so it's imperative we do 
not let one customer see the details of another customer's tickets.  To 
differentiate tickets raised by various customers we created a Custom 
Field that contains the name of the customer.

Now, the issue is this:  CustomerA has got a number of employees: Empl1, 
Empl2 and Empl3.  Either of them can raise a ticket, and we will respond 
and close the ticket.  Now, some time later the COO/CEO of CustomerA 
requires access to all tickets raised by the various employees to track 
who has not done their job, or where contractual violations occurred.

How can we grant this user access to all tickets raised by his company 
(and tagged by a certain Custom Field), whilst not allowing him access 
to tickets raised by other customers?

Right now I am leaning towards creating a group for every customer, then 
add the group as a Requestor/Cc for the ticket.  If I understand things 
correctly group members should then have access to all tickets created 
under that group, if I give ShowTicket to the group, but to no others.  
Not sure if there's an esier way to do this, though.

Thanks :)

Braam van Heerden
Conversant Systems (Pty) Ltd
Tel: +27 11 782 2930
Cell: +27 82 336 4643
Skype: braamvh 


 -Original Message-
 From: Kenneth Crocker [mailto:[EMAIL PROTECTED] 
 Sent: 11 July 2008 18:39 PM
 To: Braam van Heerden
 Cc: [EMAIL PROTECTED]
 Subject: Re: [rt-users] Permissions by custom field
 
 Braam,
 
 
   I'm a bit confused. Your subject line mentions 
 permissions and I don't see that question here. As to Custom 
 Fields, what is the correlation between customer and company? 
 Normally, I would think it was  one to one. However, if you 
 are creating tickets for someone else, you can modify the 
 Requestor to be the customer and not you. You will still be 
 the creator. Then, you can have a CF that is the company.
   Permissions would be simpler. You could grant the right 
 to ShowTicket 
 Globally to the Requestor role and that would keep your customer 
 from seeing other customer (Requestor) tickets. Then you 
 merely go to your Custom Field and apply it to the support 
 queue and then go to Group Rights and grant 
 SeeCustomField to Privileged. That way all privileged users 
 will be able to see that field as well as the ticket in a 
 queue they are privileged to access. Hope this helps.
 
 
 Kenn
 LBNL
 
 On 7/11/2008 6:01 AM, Braam van Heerden wrote:
  Greetings,
  
  After reading the permissions wiki I still can't figure out how to 
  achieve what my MD wants.  Please excuse me if this is 
 described there.
  I am still fairly new at RT and the permissions system.
  
  We have a queue called Support where all our product 
 support requests 
  from clients go into.  We also have a custom field called Client 
  that contains the name of the customer the ticket was 
 raised for.  Our 
  customers can log into RT and see all the tickets they 
 originated, but 
  some managers would like to see all the tickets generated for their 
  company.  How can we set up the permissions to achieve this?
  
  Clients are not allowed to see other client's tickets, and we would 
  prefer not to create a queue for each customer, as this 
 sometimes vary.
  
  Any tips would be appreciated.  We are running RT 3.6.6.
  
  Thanks :)
  
  Braam van Heerden
  Conversant Systems (Pty) Ltd
  Tel: +27 11 782 2930
  Cell: +27 82 336 4643
  Skype: braamvh
  ___
  http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
  
  Community help: http://wiki.bestpractical.com Commercial support: 
  [EMAIL PROTECTED]
  
  
  Discover RT's hidden secrets with RT Essentials from 
 O'Reilly Media. 
  Buy a copy at http://rtbook.bestpractical.com
  
 
 
 
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] Permissions by custom field

[Rainer Duffner]

Braam van Heerden schrieb:
 Kenneth,

 Todd Chapman sent some suggestions I will try.   

 I will try to be a bit more clear in my problem statement:
   

I solved this by creating a queue for the customer and making one user a 
privileged user for that queue only.
So he can see all tickets.
Support staff here must move tickets into that queue first, though.
(I think that's all I had to do, but I can't remember 100%).

This is really one of the few problematic areas of RT - it's a common 
problem with control-freak bosses of partners who want to see all 
tickets, so they can judge (from the amount and from cross-reading them) 
if there is a problem or not...

I wish, this was possible without a special queue.


cu,
Rainer
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] Permissions by custom field

[Todd Chapman]

It is possible without a special queue, and it's not that hard. :)

On Mon, Jul 14, 2008 at 9:25 AM, Rainer Duffner [EMAIL PROTECTED] wrote:
 Braam van Heerden schrieb:
 Kenneth,

 Todd Chapman sent some suggestions I will try.

 I will try to be a bit more clear in my problem statement:


 I solved this by creating a queue for the customer and making one user a
 privileged user for that queue only.
 So he can see all tickets.
 Support staff here must move tickets into that queue first, though.
 (I think that's all I had to do, but I can't remember 100%).

 This is really one of the few problematic areas of RT - it's a common
 problem with control-freak bosses of partners who want to see all
 tickets, so they can judge (from the amount and from cross-reading them)
 if there is a problem or not...

 I wish, this was possible without a special queue.


 cu,
 Rainer
 ___
 http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

 Community help: http://wiki.bestpractical.com
 Commercial support: [EMAIL PROTECTED]


 Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
 Buy a copy at http://rtbook.bestpractical.com

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] Permissions by custom field

[Braam van Heerden]

Roy,

Here's the reply from Todd:

--

your clients are the requestor of the ticket? if so just give the 
Requestor role ShowTicket. if every employee of a particular client 
needs to see each ticket you may have to create a scrip to add the 
client's group as Cc and give ShowTicket to the Cc role.

-- 

Very similar to your solution.

- Braam


 Hi Braam;
 
 Its always interesting to read Todd's suggestions cause he is 
 always spot on; but could n't find them in the thread , ist 
 possible to forward them to the list please.
 With regard to dealing with customers, our implementation 
 here is exactly as you suggested, we group our customer 
 contacts , if any of the contacts open a ticket (via 
 web/mail), a scrip action add the rest of the customer group 
 contacts as requestors; and a set a cf to the customer 
 name(organisation), then all customer contacts can login to 
 the self service interface and view/update the tickets.
 This have served us well for the past few years, the only 
 issue we get every now and then, is when we add a new 
 customer contact that need visibility of old ticket, for this 
 I have a perl script that crawl tickets looking for tickets 
 with cf for the customer and add the new contact as requester.
 I am not an admirer of queue per customer, my philosophy is 
 that queues should represent the internal departments.
 
 Regards;
 Roy

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] Permissions by custom field

[Roy El-Hames]

Hi Braam;

Its always interesting to read Todd's suggestions cause he is always 
spot on; but could n't find them in the thread , ist possible to forward 
them to the list please.
With regard to dealing with customers, our implementation here is 
exactly as you suggested, we group our customer contacts , if any of the 
contacts open a ticket (via web/mail), a scrip action add the rest of 
the customer group contacts as requestors; and a set a cf to the 
customer name(organisation), then all customer contacts can login to the 
self service interface and view/update the tickets.
This have served us well for the past few years, the only issue we get 
every now and then, is when we add a new customer contact that need 
visibility of old ticket, for this I have a perl script that crawl 
tickets looking for tickets with cf for the customer and add the new 
contact as requester.
I am not an admirer of queue per customer, my philosophy is that queues 
should represent the internal departments.

Regards;
Roy

Braam van Heerden wrote:
 Kenneth,

 Todd Chapman sent some suggestions I will try.   

 I will try to be a bit more clear in my problem statement:

 We have a single queue called support that handles all tickets from 
 various customers we have SLA's with.  For ease of use we decided to 
 only use a single queue and not create a queue per customer (as that 
 list fluctuates sometimes).  Also, we have certain information on what 
 packages our customers offer to their customers, and how this is 
 implemented, and all this is bound by NDA's, so it's imperative we do 
 not let one customer see the details of another customer's tickets.  To 
 differentiate tickets raised by various customers we created a Custom 
 Field that contains the name of the customer.

 Now, the issue is this:  CustomerA has got a number of employees: Empl1, 
 Empl2 and Empl3.  Either of them can raise a ticket, and we will respond 
 and close the ticket.  Now, some time later the COO/CEO of CustomerA 
 requires access to all tickets raised by the various employees to track 
 who has not done their job, or where contractual violations occurred.

 How can we grant this user access to all tickets raised by his company 
 (and tagged by a certain Custom Field), whilst not allowing him access 
 to tickets raised by other customers?

 Right now I am leaning towards creating a group for every customer, then 
 add the group as a Requestor/Cc for the ticket.  If I understand things 
 correctly group members should then have access to all tickets created 
 under that group, if I give ShowTicket to the group, but to no others.  
 Not sure if there's an esier way to do this, though.

 Thanks :)

 Braam van Heerden
 Conversant Systems (Pty) Ltd
 Tel: +27 11 782 2930
 Cell: +27 82 336 4643
 Skype: braamvh 


   
 -Original Message-
 From: Kenneth Crocker [mailto:[EMAIL PROTECTED] 
 Sent: 11 July 2008 18:39 PM
 To: Braam van Heerden
 Cc: [EMAIL PROTECTED]
 Subject: Re: [rt-users] Permissions by custom field

 Braam,


  I'm a bit confused. Your subject line mentions 
 permissions and I don't see that question here. As to Custom 
 Fields, what is the correlation between customer and company? 
 Normally, I would think it was  one to one. However, if you 
 are creating tickets for someone else, you can modify the 
 Requestor to be the customer and not you. You will still be 
 the creator. Then, you can have a CF that is the company.
  Permissions would be simpler. You could grant the right 
 to ShowTicket 
 Globally to the Requestor role and that would keep your customer 
 from seeing other customer (Requestor) tickets. Then you 
 merely go to your Custom Field and apply it to the support 
 queue and then go to Group Rights and grant 
 SeeCustomField to Privileged. That way all privileged users 
 will be able to see that field as well as the ticket in a 
 queue they are privileged to access. Hope this helps.


 Kenn
 LBNL

 On 7/11/2008 6:01 AM, Braam van Heerden wrote:
 
 Greetings,

 After reading the permissions wiki I still can't figure out how to 
 achieve what my MD wants.  Please excuse me if this is 
   
 described there.
 
 I am still fairly new at RT and the permissions system.

 We have a queue called Support where all our product 
   
 support requests 
 
 from clients go into.  We also have a custom field called Client 
 that contains the name of the customer the ticket was 
   
 raised for.  Our 
 
 customers can log into RT and see all the tickets they 
   
 originated, but 
 
 some managers would like to see all the tickets generated for their 
 company.  How can we set up the permissions to achieve this?

 Clients are not allowed to see other client's tickets, and we would 
 prefer not to create a queue for each customer, as this 
   
 sometimes vary.
 
 Any tips would be appreciated.  We are running RT 3.6.6.

 Thanks :)

 Braam van Heerden
 Conversant Systems (Pty) Ltd
 Tel: +27

Re: [rt-users] Permissions by custom field

[Kenneth Crocker]

Braam,


I agree with the group idea, always have. In fact, you can add yourself 
as a member of each group and create some searches that you can seave 
for each individual group. That way, when the other members of each 
group wants to run a query, they hav3e several choices they can make 
becuae you some some good ones for them and those are available to 
everyone in the SAME group. Also, The group as requestor is the same 
idea as I made of granting ShowTicket blobally to the role 
Requestor. That allows requstors the right to see ONLY their tickets 
(as long as you didn't grant ShowTicket to another group). The CF for 
Customer name can also be used for searches and you can write a scrip to 
pre-fill that CF by the @.com or .org portion of the email 
address and that way all tickets created will automatically have the 
correct Customer NAme' when created. Just a thought.


Kenn
LBNL

On 7/14/2008 5:32 AM, Braam van Heerden wrote:
 Kenneth,
 
 Todd Chapman sent some suggestions I will try.   
 
 I will try to be a bit more clear in my problem statement:
 
 We have a single queue called support that handles all tickets from 
 various customers we have SLA's with.  For ease of use we decided to 
 only use a single queue and not create a queue per customer (as that 
 list fluctuates sometimes).  Also, we have certain information on what 
 packages our customers offer to their customers, and how this is 
 implemented, and all this is bound by NDA's, so it's imperative we do 
 not let one customer see the details of another customer's tickets.  To 
 differentiate tickets raised by various customers we created a Custom 
 Field that contains the name of the customer.
 
 Now, the issue is this:  CustomerA has got a number of employees: Empl1, 
 Empl2 and Empl3.  Either of them can raise a ticket, and we will respond 
 and close the ticket.  Now, some time later the COO/CEO of CustomerA 
 requires access to all tickets raised by the various employees to track 
 who has not done their job, or where contractual violations occurred.
 
 How can we grant this user access to all tickets raised by his company 
 (and tagged by a certain Custom Field), whilst not allowing him access 
 to tickets raised by other customers?
 
 Right now I am leaning towards creating a group for every customer, then 
 add the group as a Requestor/Cc for the ticket.  If I understand things 
 correctly group members should then have access to all tickets created 
 under that group, if I give ShowTicket to the group, but to no others.  
 Not sure if there's an esier way to do this, though.
 
 Thanks :)
 
 Braam van Heerden
 Conversant Systems (Pty) Ltd
 Tel: +27 11 782 2930
 Cell: +27 82 336 4643
 Skype: braamvh 
 
 
 -Original Message-
 From: Kenneth Crocker [mailto:[EMAIL PROTECTED] 
 Sent: 11 July 2008 18:39 PM
 To: Braam van Heerden
 Cc: [EMAIL PROTECTED]
 Subject: Re: [rt-users] Permissions by custom field

 Braam,


  I'm a bit confused. Your subject line mentions 
 permissions and I don't see that question here. As to Custom 
 Fields, what is the correlation between customer and company? 
 Normally, I would think it was  one to one. However, if you 
 are creating tickets for someone else, you can modify the 
 Requestor to be the customer and not you. You will still be 
 the creator. Then, you can have a CF that is the company.
  Permissions would be simpler. You could grant the right 
 to ShowTicket 
 Globally to the Requestor role and that would keep your customer 
 from seeing other customer (Requestor) tickets. Then you 
 merely go to your Custom Field and apply it to the support 
 queue and then go to Group Rights and grant 
 SeeCustomField to Privileged. That way all privileged users 
 will be able to see that field as well as the ticket in a 
 queue they are privileged to access. Hope this helps.


 Kenn
 LBNL

 On 7/11/2008 6:01 AM, Braam van Heerden wrote:
 Greetings,

 After reading the permissions wiki I still can't figure out how to 
 achieve what my MD wants.  Please excuse me if this is 
 described there.
 I am still fairly new at RT and the permissions system.

 We have a queue called Support where all our product 
 support requests 
 from clients go into.  We also have a custom field called Client 
 that contains the name of the customer the ticket was 
 raised for.  Our 
 customers can log into RT and see all the tickets they 
 originated, but 
 some managers would like to see all the tickets generated for their 
 company.  How can we set up the permissions to achieve this?

 Clients are not allowed to see other client's tickets, and we would 
 prefer not to create a queue for each customer, as this 
 sometimes vary.
 Any tips would be appreciated.  We are running RT 3.6.6.

 Thanks :)

 Braam van Heerden
 Conversant Systems (Pty) Ltd
 Tel: +27 11 782 2930
 Cell: +27 82 336 4643
 Skype: braamvh
 ___
 http://lists.bestpractical.com/cgi-bin/mailman

[rt-users] Permissions by custom field

[Braam van Heerden]

Greetings,

After reading the permissions wiki I still can't figure out how to 
achieve what my MD wants.  Please excuse me if this is described there.  
I am still fairly new at RT and the permissions system.

We have a queue called Support where all our product support requests 
from clients go into.  We also have a custom field called Client that 
contains the name of the customer the ticket was raised for.  Our 
customers can log into RT and see all the tickets they originated, but 
some managers would like to see all the tickets generated for their 
company.  How can we set up the permissions to achieve this?

Clients are not allowed to see other client's tickets, and we would 
prefer not to create a queue for each customer, as this sometimes vary.

Any tips would be appreciated.  We are running RT 3.6.6.

Thanks :)

Braam van Heerden
Conversant Systems (Pty) Ltd
Tel: +27 11 782 2930
Cell: +27 82 336 4643
Skype: braamvh 
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

[rt-users] Permissions on user information?

[John Arends]

I applied a mod to the ShowPeople Element on a ticket that uses 
%$UserObj-WorkPhone% to display the requestor's phone number.

Only people with full admin access to the RT system can see the phone 
number. I looked through the permissions and did not see anything 
obvious that allows us to control who can see directory information like 
that.

Any suggestions? I obviously don't want normal users to have full write 
access to change people's directory info.
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

[rt-users] permissions on etc dir files.

[Vivek Khera]

I was just updating the FreeBSD port to rt 3.6.2 and finally got  
around to digging into why there are funky file permissions on the  
etc files.  For some reason they are all set to 0500 permissions, but  
not a single file there needs to be executable...  Shouldn't they get  
0400 instead?  Also, I'd like to suggest that the config files be  
chgrp'd to the WEB_GROUP group to ensure that the http server can  
read them.  Otherwise RT fails to run.


I'm patching these changes into the FreeBSD port for now, but I think  
they ought to be in the original sources.




smime.p7s
Description: S/MIME cryptographic signature
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] permissions on etc dir files.

[Vivek Khera]

On Dec 19, 2006, at 3:32 PM, Vivek Khera wrote:

I was just updating the FreeBSD port to rt 3.6.2 and finally got  
around to digging into why there are funky file permissions on the  
etc files.  For some reason they are all set to 0500 permissions,  
but not a single file there needs to be executable...  Shouldn't  
they get 0400 instead?  Also, I'd like to suggest that the config  
files be chgrp'd to the WEB_GROUP group to ensure that the http  
server can read them.  Otherwise RT fails to run.


Also, the config files themselves don't need to be 0550 mode, but 0440.



smime.p7s
Description: S/MIME cryptographic signature
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

[rt-users] Permissions to view More about user

[Ian Clancy]

Hi list,
I wrote a script to pull all our user information from out directory 
into RT. Information such as Phone Numbers etc.. that kind of thing.
All this information can now be viewed from the root account but not 
from the other privileged accounts.
What permission do i need to give to the priviliged accounts to be able 
to view this information ?.

Thanks

--
Ian Clancy
IT Co-ordinator
Connaught Electronics Ltd.
Dunmore Rd,
Tuam,
Co. Galway,
Ireland.

P : ++353 93 23151
F : ++353 93 23110
E : mailto:[EMAIL PROTECTED]
W : http://www.cel-europe.com


___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

[rt-users] Permissions Problem

[David Smithson]

Hi all.  I have a queue called Sales with the following group rights:

Everyone:
CreateTicket
ReplyToTicket
SeeQueue

Sales:
ModifyTicket
OwnTicket
ReplyToTicket
ShowOutgoingEmail
ShowTicket
ShowTicketComments
StealTicket
TakeTicket
Watch
WatchAsAdminCc

However, users in the Sales *and* Everyone groups still can't see the
queue.  What am I missing?

David Smithson
-- 
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


We're hiring! Come hack Perl for Best Practical: 
http://bestpractical.com/about/jobs.html

RE: [rt-users] Permissions Problem

[David Smithson]

Now, I don't really need Everyone to have the See Queue right, so if I
assign that right to Sales, all users in the Sales group can see the
queue.  I guess I'm curious as to why the Everyone rights aren't
inherited here by users who are members of the Everyone group in this
case.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David
Smithson
Sent: Tuesday, August 01, 2006 2:38 PM
To: RT-List Users
Subject: [rt-users] Permissions Problem

Hi all.  I have a queue called Sales with the following group rights:

Everyone:
CreateTicket
ReplyToTicket
SeeQueue

Sales:
ModifyTicket
OwnTicket
ReplyToTicket
ShowOutgoingEmail
ShowTicket
ShowTicketComments
StealTicket
TakeTicket
Watch
WatchAsAdminCc

However, users in the Sales *and* Everyone groups still can't see the
queue.  What am I missing?

David Smithson
-- 
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


We're hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


We're hiring! Come hack Perl for Best Practical: 
http://bestpractical.com/about/jobs.html

[rt-users] permissions of RT_System

[Alain Sips]

Hello,



I am trying to set a custom field based on an
incoming mail. Part of the code looks like this:



my $CF_Obj =
RT::CustomField-new($RT::SystemUser);

my $cf_name = Skill;

$CF_Obj-LoadByName( Name = $cf_name, Queue
= '0',);

my ($retcode, $msg) = $CF_Obj-AddValueForObject(
Object = $self-TicketObj,


Content = $cf_value, );

$RT::Logger-debug(Return code [$retcode]
Msg [$msg]\n);



The scrip gets executed, however the custom field wont
be set, because the permission is denied.

The user is RT_System, but I cant seem to find
where I can set the ModifyCustomField right for this user.



Can someone please help me?


Thanks,

Alain Sips






___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


We're hiring! Come hack Perl for Best Practical: 
http://bestpractical.com/about/jobs.html