Am 26.09.2007 um 19:25 schrieb Kenneth Crocker:
Rainer,
Yes, there are a couple different ways. One is to create a user
group for each queue (named appropriately) followed by granting the
"SeeQueue" right to each individual queue for it's corresponding
user group. In essence, just what you did for that one queue/group,
do for the others only you can give the right to "Everybody" in the
other queues. That's one way. You can also grant the "ShowTicket"
and "ReplyToEmail" privileges as well to these groups. This will
allow them to actually "SEE" the info in their tickets in the
queue, not just create them, and to "Reply" as well in case there
is some correspondence. This will keep other users from other
queues/groups from creating/seeing/replying to tickets in a queue
they are not associated with. We have over 50 support queues and
VERY FEW Global rights granted.
I've not granted Global rights either (apart from save searches,
IIRC). But "Everybody" is everybody.
You can also be even more restrictive by using the role
"Requestor" for some of these rights to keep users in a common
group form getting involved in tickets they didn't create.
Hope this helps.
After thinking about it some more (which usually happens after one
posts), I assigned the right "SeeQueue" to the "Unprivileged" System
Group.
This way, privileged users from other queues will not be able to see
the queue, but unprivileged SelfService users should be able to use
it just as if the right was granted to "Everybody".
I don't want to create too many groups - even with RightsMatrix, it
can become very unwieldily, IMO.
I also wanted to create as few queues as possible....
cheers,
Rainer
--
Rainer Duffner
CISSP, LPI, MCSE
[EMAIL PROTECTED]
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
