Sorry Giuseppe I don't have much knowledge of the LDAP plugin. Under normal circumstances (ie RT auth), I would write script to go through the users need changing and set Privileged to 0 foreach $MyUserId (@my_users_to_change) { my $u=RT::User->new(RT::SystemUser); my ($id, $msg) = $u->Load("$MyUserId"); if ($id) { $u->SetPrivileged(0); } }
Regards; Roy > -----Original Message----- > From: Giuseppe Sollazzo [mailto:gsoll...@sgul.ac.uk] > Sent: 10 June 2011 15:33 > To: Raed El-Hames > Cc: rt-users@lists.bestpractical.com > Subject: Re: [rt-users] limit ticket list display on requestor login > > Hi Raed, > thanks a lot as that explains it. This user is Privileged. Removing the > privilege everything works as expected. > > What puzzles me is the relationship between system groups and user > defined groups. I would have expected to have the possibility of > limiting permissions to Privileged users in a group rather then having > them as Unprivileged. > But never mind :-) > > Now the problem I have is that all my imported users are Privileged, and > reimporting them does not seem to change this (even with > $LDAPUpdateUsers=1). > > Do you reckon there's a way to bulk update users and make them > Unprivileged? > > Thanks, > Giuseppe > > > > > On 10/06/11 14:50, Raed El-Hames wrote: > > The fist question Giuseppe , is user U privileged or not? > > > > If not then by default he should have been redirected to > SelfService/index.html, which again by default should only display > > /SelfService/Elements/MyRequests > > > > If he is privileged (then I would ask why? -- because according to what > you need below he does not need to be privileged), if he has to be > privileged then you may have to do some coding .. I do think there is a > limitation in RT , you should need to give the "SeeQueue" permission to be > able to see it in the dropdown ? I would have thought the "CreateTicket" > permission should be enough. > > > > As I suggested make user U unprivileged is the easiest solution. > > > > Good luck > > Roy > > > > > >> -----Original Message----- > >> From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- > >> boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo > >> Sent: 10 June 2011 14:15 > >> To: rt-users@lists.bestpractical.com > >> Subject: Re: [rt-users] limit ticket list display on requestor login > >> > >> Hi Kevin, > >> that was my first thought - however in "global group rights" all > >> checkboxes in general/staff/admin rights are unticked for System, > Roles, > >> and for the given user group. > >> > >> Or is it maybe how I shoudl manage this, by adding "show ticket" to the > >> global one? > >> > >> Just in case I have explained myself improperly, what I'm trying to > >> achieve is that users in the G group are shown in the dashboard a list > >> of tickets in the queue Q for which they are requestors; such list > >> should exclude tickets in the same queue for which they are not > >> requestors. > >> > >> Thanks, > >> G > >> > >> On 10/06/11 14:03, Kevin Falcone wrote: > >>> On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote: > >>>> Uhm... > >>>> it seems not to behave like I would like to. > >>>> > >>>> Basically I have a privileged user U that is part of group "G". > >>>> On queue Q group G has right to show/modify/reply, whereas the > >>>> system privileged group does not have any right on the queue. > >>>> Also, on queue Q role "Requestor" has right to show/modify/reply, > >>>> whereas the system privileged group does not have any right on the > >>>> queue. > >>>> > >>>> Still, U can see all tickets in queue Q, even those he's not a > >>>> requestor for. > >>>> > >>>> So I'm still looking for a way to hide tickets for which a user in > >>>> the group G is not a requestor for from the dashboard, if that's at > >>>> all possible :) > >>> Sounds like you have some global rights getting in the way. > >>> > >>> -kevin > >>> > >>>> On 10/06/11 12:06, Raed El-Hames wrote: > >>>>> Giuseppe, > >>>>> > >>>>> I will not give the Everyone group rights other than Create Ticket > and > >> ReplyToTicket (and this is only to get the email side of things working > >> properly).I also would not give any rights to the Unprivileged group. > >>>>> For your purposes I would suggest you give the Requestor Role rights > >> to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are > >> Unprivileged then their login will redirect them to the SelfService > portal > >> which is restricted. > >>>>> Hope that helps; > >>>>> Regards; > >>>>> Roy > >>>>> > >>>>>> -----Original Message----- > >>>>>> From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- > >>>>>> boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo > >>>>>> Sent: 10 June 2011 10:43 > >>>>>> To: rt-users@lists.bestpractical.com > >>>>>> Subject: [rt-users] limit ticket list display on requestor login > >>>>>> > >>>>>> Hi, > >>>>>> I guess I'm not getting this right. > >>>>>> > >>>>>> I'd like that a user, upon login, were able to only see the tickets > >> for > >>>>>> which they are a requestor (in a given queue). > >>>>>> > >>>>>> Let's say I have a group G and a queue Q. If rights for G on Q are > >>>>>> "Create tickets" and "View queue" obviously they see all tickets in > >> the > >>>>>> queue, whereas "Create tickets" alone does not allow them to see > any > >>>>>> ticket. > >>>>>> > >>>>>> To keep things tidy, I've also given the same rights to Everyone, > >>>>>> Privileged, Unprivileged. > >>>>>> > >>>>>> Is what I want to do feasible with just permissions management? > >>>>>> > >>>>>> Thanks, > >>>>>> Giuseppe > >>>>>> > >>>>>> -- > >>>>>> ____________________________________ > >>>>>> > >>>>>> Giuseppe Sollazzo > >>>>>> Senior Systems Analyst > >>>>>> Computing Services > >>>>>> Information Services > >>>>>> St. George's, University Of London > >>>>>> Cranmer Terrace > >>>>>> London SW17 0RE > >>>>>> > >>>>>> Email: gsoll...@sgul.ac.uk > >>>>>> Direct Dial: +44 20 8725 5160 > >>>>>> Fax: +44 20 8725 3583 > >>>>>> > >>>> -- > >>>> ____________________________________ > >>>> > >>>> Giuseppe Sollazzo > >>>> Senior Systems Analyst > >>>> Computing Services > >>>> Information Services > >>>> St. George's, University Of London > >>>> Cranmer Terrace > >>>> London SW17 0RE > >>>> > >>>> Email: gsoll...@sgul.ac.uk > >>>> Direct Dial: +44 20 8725 5160 > >>>> Fax: +44 20 8725 3583 > >>>> > >>>> > >> > >> -- > >> ____________________________________ > >> > >> Giuseppe Sollazzo > >> Senior Systems Analyst > >> Computing Services > >> Information Services > >> St. George's, University Of London > >> Cranmer Terrace > >> London SW17 0RE > >> > >> Email: gsoll...@sgul.ac.uk > >> Direct Dial: +44 20 8725 5160 > >> Fax: +44 20 8725 3583 > >> > > > -- > ____________________________________ > > Giuseppe Sollazzo > Senior Systems Analyst > Computing Services > Information Services > St. George's, University Of London > Cranmer Terrace > London SW17 0RE > > Email: gsoll...@sgul.ac.uk > Direct Dial: +44 20 8725 5160 > Fax: +44 20 8725 3583 >