On Wed, Aug 20, 2014 at 03:10:20PM +0000, Oriol Soriano wrote: > Having Global requestor role WITH 'ShowTicket', Queue specific requestor role > WITH 'ShowTicket' & Queue specific user group 'restricted' WITHOUT > 'ShowTicket', would result in the user only being able to see those tickets > for > which he is requestor; similarly, only those tickets would be returned in a > REST API search. > > But, as I already said, having Global requestor role WITHOUT 'ShowTicket', > Queue specific requestor role WITH 'ShowTicket' & Queue specific user group > 'restricted' WITHOUT 'ShowTicket', would result in the user not being able to > see any ticket in the queue; not even those for which he is requestor. > > > So, considering the following "right layers" in this case: > > 1. Global rights > > 2. Queue role rights > > 3. Queue user group rights > > Is the queue specific user group rights configuration overriding the same > queue > role rights configuration¿ IE: is the queue user group NOT having the > 'ShowTicket' overriding the queue role having it? > > > If so, how could I implement this configuration Im looking for without having > to grant that right globally to the requestor role? I would certainly preffer > not having to do that.
I did the following. Create a user named Foo who is unprivileged Create a queue named Test Grant Requestor ShowTicket from the Test Queue's Group Rights page Create a ticket in General with Foo as the Requestor Create a ticket in Test with Foo as the Requestor Log in as Foo Get the SelfService UI See on the ticket in Test with Foo as a Requestor No other rights were configured other than the rights granted as part of a base RT install. This was on 4.2-trunk, which is 4.2.6 plus patches intended for 4.2.7, however I am not aware of anything that would impact this since 4.2.2. -kevin
pgp7hqhzAU4uw.pgp
Description: PGP signature
-- RT Training - Boston, September 9-10 http://bestpractical.com/training
