On Wed, Jun 14, 2006 at 03:20:42PM -0600, Nick Metrowsky wrote: > Hi Todd, > > Thank you for writing. Apparently the Privileged global system group has > Super User and Delegate Rights, plus every other right set up. I tried > removing all the rights, so just Show Ticket and See Queue were > available. I was then going to grant more rights on a group by group > and/or user by user basis for those users who really need them. > Unfortunately, I cannot revoke Super User and Delegate Rights from the > Privileged global system group. So, when I create a user, with just See
That is really broken. If you can't do that then all bets are off. > type rights, they can do anything they want (I did not place them in any > group other than checking the box "Let this user be granted rights"). By > the way, when I look in Rights Matrix, everything is set to "Y" for this > user. I also checked the various queues, and the Privileged group has no > rights, and the same goes for the user accounts. The privileges are > assigned only at the global group level. We set up a global group for > each queue; again the test user was not assigned to any group. > > One other observation, the NULL account, user id #1 is assign the Super > User privilege, is this supposed be right? I tried to revoke it and RT > will not let me do it. Not sure about that. > > I did not set up RT originally, as the privilege set up was a carry over > from the RT 2 system. I knew this was a bit of a mess, I just did not > really know who much a mess it was. > > Anyway, what should be the defaults for the Everyone, Unprivileged and > Privileged global system groups? Do I need to be logged into a special > account to revoke Super User and Delegate rights from the Privileged > global system group? I guess the next question, is this something I > really want to do? You need to be logged in as root and make sure root has SuperUser, then you can revoke rights from Everyone/Priv, and Unpriv. I'm pretty sure they have no rights by default. > > Any insight would be greatly appreciated. > > Take care! > > Nick > > > ------------------------------------------------------------------------ > --------- > Nick Metrowsky > Consulting System Administrator > 303-684-4785 Office > 303-684-4100 Fax > [EMAIL PROTECTED] > DigitalGlobe (r), An Imaging and Information Company > http://www.digitalglobe.com > ------------------------------------------------------------------------ > --------- > > -----Original Message----- > From: Todd Chapman [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 14, 2006 2:02 PM > To: Nick Metrowsky > Cc: [email protected] > Subject: Re: [rt-users] Proper way to set up a read-only user > > On Wed, Jun 14, 2006 at 10:22:21AM -0600, Nick Metrowsky wrote: > > Hi Everyone, > > > > > > > > I would like to set up users in RT which grant them the rights to view > > tickets and queues, but they cannot change anything. I would like them > > to have a user id and password, like privileged users. Is there a way > to > > do this? I noticed that the Everyone and Unprivileged user designation > > allows users to only use the SelfService menu and that is just about > it. > > > > Make them privileged but don't grant them any rights other > thatn See/Show rights. > > -Todd _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
