Hi Kenneth,
that helped a lot, thanks.

Pitching is a good idea, although us Europeans don't get baseball too much ;-)

I managed to get things working as suggested by you:
Global - Roles Requestor: ShowTicket
Queue X - System Everyone: CreateTicket SeeQueue

With this I get exactly what I'm after: users can see their own tickets only, unless they are given more permissions.

However, just a clarification. At some point you write:

"CreateTicket" - This right has NOTHING to do with seeing it, modifying it,
etc. It just means that RT will let someone "CREATE" it. That's it. However,
because you might want to know who created it as well as who wants the work
done, RT keeps track of the "creator" AND the "Requestor". They are not
always the same. I could easily grant "CreateTicket" to everyone and if I
didn't grant "ShowTicket" to anyone, no one would see it except the user
with "SuperUser" rights.
"SeeQueue" - This means you can see a Queue (all if granted Globally) in the
"Drop-down" list of Queues when wanting to create/look at a ticket. If I
grant "SeeQueue" and do not grant "CreateTicket" you will see there are xx
numbers of ticket in a Queue but not be able to create a ticket there.

Basically, the way I interpret this means that if I want my users to be able to create tickets via the web interface, I need to provide them with both "CreateTicket" and "SeeQueue". As a side effect, privileged users couldn't be prevented from seeing a list of other people's tickets (albeit not in detail) in that queue if I want them to be able to create tickets in that same queue.

Is my interpretation of what you write correct? It seems it's missing the effect of "ShowTicket", which allows the grantee to see the list of tickets.

A couple of improvements that would be great to have in future are
- bulk update of users (e.g. I imported all users as privileged, it turns out I wanted them unprivileged, I wish I could do it from within the interface rather than by scripting).
- customising RT at a glance made simpler - I know you can create dashboards, still it seems not that flexible?


Thanks again for your kind help and accurate explanation.

Best regards,
Giuseppe





--
____________________________________

Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

