On Fri, Jul 20, 2012 at 01:14:53PM +0530, Rajesh Kumar wrote: > Hi All, > > I'm new to RT and trying to make it work in following manner - > > 1. There should be only one queue called 'Support'. This is because we > have too many clients > and is a management call... > > 2. Multiple clients using same queue to create tickets. > > 3. No client should be able to access another client's tickets. Example - > Client A should not > be able to access client B's tickets. > > And this is what I've done so far - > > 1. Add a custom field 'Client' at user level. > > 2. Create a group for each 'Client' and add all users belonging to the > client to their > respective group. > > 3. OnCreate scrip to add the group as 'Cc' to the ticket and grant > 'ShowTicket' to the 'Cc' > role. > > This results in - > > 1. User belonging to group A cannot see tickets raised by any user of > group B on the 'Open > tickets' page. So the segregation works here. > > 2. But if a user of group A searches for a ticket (by ticket number) he > gets to see all the > ticket details hence defeating restriction we needed in place.
You've granted ShowTicket too widely, check your ACL configurations. Especially for Everyone and Unprivileged groups. -kevin > Please take a look at the OnCreate script on [1]pastebin and help me > understand what is wrong > with this approach.
pgpfgeetz5qxY.pgp
Description: PGP signature
