On Feb 6, 2008 6:22 PM, Jean-Sebastien Morisset <[EMAIL PROTECTED]> wrote: > Hi everyone, > > Phew! There are a lot of different ways to setup rights. Our RT 3.6.6 > users are checked against our Active Directory server and created > automatically. For some reason when someone sends e-mail, and an account > doesn't already exist for them, the e-mail fails (I guess this is > because there wasn't a password to authenticate the user). So I had to > give 'Everyone' some permissions. > > Here's what I did... Does anyone see a problem with this? Several: * see comments below inlined * as almost all privileged users have right to reply to tickets then most probably Ccs and AdminCcs lists of your tickets will be a big mess. With this right granted directly to groups people don't have to add themself as watchers (Owner, Ccs, AdminCcs) to reply to a ticket. That's often result in double replies from different persons, people don't get notifications as they're not associated with tickets in any way.
* do you really want to grant all those SeeScrip, Template and bla-bla to mortals who really don't care about managing RT instance? > > Configuration -> Global -> Group Rights: > > Everyone > AssignCustomFields drop this > CreateTicket > SeeCustomField > > Privileged > AssignCustomFields drop this, most probably you want to leave it for admins only > CreateSavedSearch > CreateTicket > EditSavedSearches > LoadSavedSearch > ModifySelf > SeeCustomField > SeeGroup > SeeQueue > ShowSavedSearches > ShowTicket > Watch > > Requestor > AssignCustomFields drop this! > CreateSavedSearch drop this, makes not much sense > CreateTicket drop this. useless > EditSavedSearches > LoadSavedSearch drop both > ModifySelf drop this > ReplyToTicket > SeeCustomField > SeeGroup drop this > SeeQueue drop this > ShowSavedSearches drop this > ShowTicket > > User defined groups: Management > AssignCustomFields > CommentOnTicket > CreateSavedSearch > CreateTicket > EditSavedSearches > LoadSavedSearch > ModifyQueueWatchers > ModifySelf > ModifyTicket > OwnTicket > ReplyToTicket > SeeCustomField > SeeGroup > SeeQueue > ShowACL > ShowOutgoingEmail > ShowSavedSearches > ShowScrips > ShowTemplate > ShowTicket > ShowTicketComments > StealTicket > TakeTicket > Watch > WatchAsAdminCc > > User defined groups: RT-Admin > AdminAllPersonalGroups > AdminCustomField > AdminGroup > AdminGroupMembership > AdminOwnPersonalGroups > AdminQueue > AdminUsers > AssignCustomFields > CommentOnTicket > CreateSavedSearch > CreateTicket > DelegateRights > DeleteTicket > EditSavedSearches > LoadSavedSearch > ModifyACL > ModifyCustomField > ModifyOwnMembership > ModifyQueueWatchers > ModifyScrips > ModifySelf > ModifyTemplate > ModifyTicket > OwnTicket do you really want your admins to own tickets? then add them to two groups instead of granting them this right. People often make mistakes and add admins as owners when really they don't care at all about tickets. > ReplyToTicket the same as above and other rights like StealTicket > SeeCustomField > SeeGroup > SeeQueue > ShowACL > ShowConfigTab > ShowOutgoingEmail > ShowSavedSearches > ShowScrips > ShowTemplate > ShowTicket > ShowTicketComments > StealTicket > TakeTicket > Watch > WatchAsAdminCc > > Queue specific rights are given for groups by queue... > > Configuration -> Queues -> Unix -> Group Rights: > > User defined groups: Unix > AssignCustomFields > CommentOnTicket > CreateTicket > ModifyTicket > OwnTicket > ReplyToTicket > SeeQueue > ShowACL > ShowOutgoingEmail > ShowScrips > ShowTemplate > ShowTicket > ShowTicketComments > StealTicket > TakeTicket > Watch > WatchAsAdminCc > > Thanks! > js. > -- > Jean-Sebastien Morisset, Sr. UNIX Administrator <[EMAIL PROTECTED]> > _______________________________________________ > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users > > Community help: http://wiki.bestpractical.com > Commercial support: [EMAIL PROTECTED] > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com > -- Best regards, Ruslan. _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
