js, My RightsMatrix RT extension can help with understanding and assigning rights.
For example you can use it to assign right to a group and then look at individuals in that group to make sure they have the right you assigned and exactly how they got that right. http://search.cpan.org/author/HTCHAPMAN/RTx-RightsMatrix-0.03.00/lib/RTx/RightsMatrix.pm -Todd On 2/7/08, Jean-Sebastien Morisset <[EMAIL PROTECTED]> wrote: > > On Wed, Feb 06, 2008 at 11:19:48AM -0800, Kenneth Crocker wrote: > > > > Whew! You have really given alot of people alot of rights. > > Kenneth and Ruslan, > > Thanks for your feedback! I did a lot of testing, and wasn't sure if you > inherited rights or not, so many of the basic rights were duplicated. > Thanks for explaining that bit. :-) > > Ok, so a brief description of our processes is in order... It's very > simple really... Anyone can open a ticket. Requestors should be able to > view and reply to their own ticket. Anyone else should be able to view > all tickets, add themselves as CC, but not modify tickets that aren't > theirs. We have 3-4 queues, and most of the requests will be coming in > by e-mail, sorted (by procmail), and a ticket opened in the appropriate > queue. Specific groups, like "Telecom" for example, have priviledges to > work on tickets in their own queue (also called "Telecom"). They should > also be able to transfer tickets to other queues in case someone sent > their e-mail to the wrong queue. The "Management" group should have the > ability to modify any ticket in any queue. > > So, in a nutshell, that's about it. > > After your comments, I made the following adjustments: > > Configuration -> Global -> Group Rights: > > Everyone > CreateTicket > SeeCustomField > > Privileged > CreateSavedSearch > CreateTicket > EditSavedSearches > LoadSavedSearch > ModifySelf > SeeCustomField > SeeGroup > SeeQueue > ShowSavedSearches > ShowTicket > Watch > > User defined groups: Management > ModifyQueueWatchers > ModifyTicket > OwnTicket > ReplyToTicket > ShowACL > ShowOutgoingEmail > ShowScrips > ShowTemplate > ShowTicketComments > StealTicket > TakeTicket > WatchAsAdminCc > > There's also an RT-Admin group to manage users and RT configs: > > RT-Admin > AdminAllPersonalGroups > AdminCustomField > AdminGroup > AdminGroupMembership > AdminOwnPersonalGroups > AdminQueue > AdminUsers > AssignCustomFields > ModifyACL > ModifyCustomField > ModifyOwnMembership > ModifyQueueWatchers > ModifyScrips > ModifyTemplate > ModifyTicket > ShowACL > ShowConfigTab > ShowOutgoingEmail > ShowSavedSearches > ShowScrips > ShowTemplate > ShowTicket > ShowTicketComments > > For each Queue ("Telecom" in this example), I have additional rights for > the associated group. I've specified some AdminCCs by default because > we're transitioning from an e-mail based process. Eventually I'll remove > the AdminCCs and create a Scrip/Template to e-mail the group members > when a ticket is created in their queue. After that it'll be up to them > to decide if they want to own the ticket or add themselves as Ccs or > AdminCcs. > > Configuration -> Queues -> Telecom -> Watchers: > > Administrative Cc: > Telecom > Management > > Configuration -> Queues -> Telecom -> Group Rights: > > User defined groups: Telecom > CommentOnTicket > ModifyTicket > OwnTicket > ReplyToTicket > ShowOutgoingEmail > ShowTicketComments > StealTicket > TakeTicket > WatchAsAdminCc > > BTW, I appreciate your time with this. The faster I can tweak this > config, the better chance it'll be adopted. Our current e-mail based > process has to go... :-) > > I should also mention that I've configured the ___Approval queue. For > some reason it's showing up on the user's home page. I thought the > ___Approval queue would be hidden... Should it be? > > I'm still tweaking the approval process. There's some conflicts between > the global scrips and the approval queue scrips. For example, the global > scrip "On Create Notify AdminCcs with template Transaction" and the > ___Approval queue scrip "On Create Notify AdminCcs with template New > Pending Approval". It looks like I'll have to move that global scrip > into each queue instead to avoid duplicate e-mails with the ___Approval > queue. > > Thanks! > js. > -- > Jean-Sebastien Morisset, Sr. UNIX Administrator <[EMAIL PROTECTED]> > _______________________________________________ > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users > > Community help: http://wiki.bestpractical.com > Commercial support: [EMAIL PROTECTED] > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com >
_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
