Ant, We have the same levels of use here, but over 120 support Queues to do it. We follow the following rules: 1) No user gets individual privileges. They must be members in a group with "like needs" for access to a Queue. That way, as rights maintenance issues come up for a Queue, we only have to deal with the group as a whole, not a bunch of individual users. Way too much redundant work with individuals. 2) We put the Product Manager in the "AdminCc" Queue watcher role. *No one else* gets that role for that Queue. We grant this role the rights to admin users/watchers and a lot of other stuff for that Queue. 3) We name these groups for the Queue. ie. "xxxx-users" where "xxxx" is the name of the Queue and the "Users" are those people that can create and view their *own tickets* (only), but not modify them, unless it is a Custom Field created just for them. "XXXX-Support" or "XXXX-Texh-Support" are for the developers. They get more rights that "Users".
I have a "Rights Guide" that we use for setting up Global/Queue rights for groups and roles. If you feel you have an environment with the kind of development support like ours, I can pass that on to you, if you are interested. Kenn LBNL On Wed, Oct 6, 2010 at 12:43 PM, ant <[email protected]> wrote: > > I have been looking around and am thinking this may not really be possible, > but here goes. > > I have a number of users, number of queues and three different access > levels View Only, Developer and Product Manager. I am trying to figure out > a way to specify the set of rights each of the access levels only once, > then somehow associate a user and queue with each set of rights, for > example. > > user fred has developer rights to the testa queue, but only view only to > testb. > > It looks like I could do this by creating a bunch of groups like > testa_developer and assigning the user to all the individual groups, but > that means I have to set up individual rights for each of those groups on > the various queues, which takes a while to set up and is hard to maintain. > > In the past I set up global rights for groups and made a hack that pulls my > users from my user database and gets which rights each should have, then > copies those rights at the user level onto the queue directly. This never > seemed very clean to me but was the only solution I could come up with. I'm > upgrading my system now and was hoping maybe I could find a better way, but > I'm not finding anything. > > Anyone have any ideas? I'm on 3.8.8 > > RT Training in Washington DC, USA on Oct 25 & 26 2010 > Last one this year -- Learn how to get the most out of RT! >
RT Training in Washington DC, USA on Oct 25 & 26 2010 Last one this year -- Learn how to get the most out of RT!
