Re: [rt-users] Permissions to let a user administer a queue
I added the ShowACL and ModifyAcl permissions to the admincc, even tried assigning them to the user manually, even as a global right, but still i can't see the system groups. -- View this message in context: http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58622.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Permissions to let a user administer a queue
Finally resolved it. I decided to turn on all rights to the user on a global level and turning them off one by one. Turns out i had to enable SeeQueue as a global right. I am thinking unprivileged, privileged, everyone are internal groups therefore i needed the permission. However, now the user can see any group and know the group's members, but he can't mess with the other group. That's not what i want, however i can live with it, and i can sort of understand why it works this way. You need to view every group in order to assign them permissions. For me it would have made for sense for the admincc to be able to do everything with a queue without requiring a global right. Users shouldn't be able to know which users are inside a group, and i can't see a way to deny outside users this right from the other group itself. So, to recap, here is what i did: -Assign a specific user ShowConfigTab and SeeQueue -Add group A to queue A and grant all permissions in that queue for that group. I hope this helps someone, but i am hoping my solution is actually wrong and there's a better way to do this, but i can't see it. After all, i needed to enable just 2 permissions to fix my issue. -- View this message in context: http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58623.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Permissions to let a user administer a queue
On Fri, Sep 26, 2014 at 06:12:13AM -0700, fleon wrote: Turns out i had to enable SeeQueue as a global right. I am thinking unprivileged, privileged, everyone are internal groups therefore i needed the permission. SeeQueue or SeeGroup? If you really fixed this with SeeQueue, then your complaint is very confusing to me. You should file a feature request to make the Everyone/Privileged/Unprivileged and Role groups visible on Queue rights pages for Queue admins (users without SuperUser). -kevin pgpvkxEbflAMi.pgp Description: PGP signature -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Permissions to let a user administer a queue
I am very sorry, you are right, i had to enable SeeGroup. I am glad that you see that this can be improved. I filed bug 30416. http://issues.bestpractical.com/Ticket/Display.html?id=30416 -- View this message in context: http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58629.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Permissions to let a user administer a queue
i decided to enable ShowConfigTab and then revoke all rights on the privileged group to the other queue. That other queue only has rights for requesters and users of their own group. So far i think it's working, the user sees all menus but can only see his queue, can't create or modify other queues (he can't even see them). He can also add users to the group he belongs to. The only thing missing is that the system groups are not being shown inside the queue, so he can't set permissions on them: System Everyone (not shown) Privileged (not shown) Unprivileged (not shown) Roles AdminCc (not shown) Cc (not shown) Owner (not shown) Requestor (not shown) He only sees his group belonging to his queue. What i am missing so he can set the permissions to the system and role groups? -- View this message in context: http://requesttracker.8502.n7.nabble.com/Permissions-to-let-a-user-administer-a-queue-tp58608p58613.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training