Re: [rt-users] Proper way to set up a read-only user
On Wed, Jun 14, 2006 at 03:20:42PM -0600, Nick Metrowsky wrote: Hi Todd, Thank you for writing. Apparently the Privileged global system group has Super User and Delegate Rights, plus every other right set up. I tried removing all the rights, so just Show Ticket and See Queue were available. I was then going to grant more rights on a group by group and/or user by user basis for those users who really need them. Unfortunately, I cannot revoke Super User and Delegate Rights from the Privileged global system group. So, when I create a user, with just See That is really broken. If you can't do that then all bets are off. type rights, they can do anything they want (I did not place them in any group other than checking the box Let this user be granted rights). By the way, when I look in Rights Matrix, everything is set to Y for this user. I also checked the various queues, and the Privileged group has no rights, and the same goes for the user accounts. The privileges are assigned only at the global group level. We set up a global group for each queue; again the test user was not assigned to any group. One other observation, the NULL account, user id #1 is assign the Super User privilege, is this supposed be right? I tried to revoke it and RT will not let me do it. Not sure about that. I did not set up RT originally, as the privilege set up was a carry over from the RT 2 system. I knew this was a bit of a mess, I just did not really know who much a mess it was. Anyway, what should be the defaults for the Everyone, Unprivileged and Privileged global system groups? Do I need to be logged into a special account to revoke Super User and Delegate rights from the Privileged global system group? I guess the next question, is this something I really want to do? You need to be logged in as root and make sure root has SuperUser, then you can revoke rights from Everyone/Priv, and Unpriv. I'm pretty sure they have no rights by default. Any insight would be greatly appreciated. Take care! Nick - Nick Metrowsky Consulting System Administrator 303-684-4785 Office 303-684-4100 Fax [EMAIL PROTECTED] DigitalGlobe (r), An Imaging and Information Company http://www.digitalglobe.com - -Original Message- From: Todd Chapman [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 14, 2006 2:02 PM To: Nick Metrowsky Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Proper way to set up a read-only user On Wed, Jun 14, 2006 at 10:22:21AM -0600, Nick Metrowsky wrote: Hi Everyone, I would like to set up users in RT which grant them the rights to view tickets and queues, but they cannot change anything. I would like them to have a user id and password, like privileged users. Is there a way to do this? I noticed that the Everyone and Unprivileged user designation allows users to only use the SelfService menu and that is just about it. Make them privileged but don't grant them any rights other thatn See/Show rights. -Todd ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
[rt-users] Proper way to set up a read-only user
Hi Everyone, I would like to set up users in RT which grant them the rights to view tickets and queues, but they cannot change anything. I would like them to have a user id and password, like privileged users. Is there a way to do this? I noticed that the Everyone and Unprivileged user designation allows users to only use the SelfService menu and that is just about it. Any ideas would be most welcome. Take care! Nick - Nick Metrowsky Consulting System Administrator 303-684-4785 Office 303-684-4100 Fax [EMAIL PROTECTED] DigitalGlobe , An Imaging and Information Company http://www.digitalglobe.com - ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
Re: [rt-users] Proper way to set up a read-only user
Nick Metrowsky wrote: Hi Everyone, I would like to set up users in RT which grant them the rights to view tickets and queues, but they cannot change anything. I would like them to have a user id and password, like privileged users. Is there a way to do this? I noticed that the Everyone and Unprivileged user designation allows users to only use the SelfService menu and that is just about it. Any ideas would be most welcome. Take care! Nick *-* *Nick Metrowsky*** *Consulting System Administrator*** *303-684-4785 Office*** *303-684-4100 Fax*** [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]*** *DigitalGlobe ®, An Imaging and Information Company* *http://www.digitalglobe.com* *-* ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html Nick, Everyone already INCLUDES unprivileged so giving both is redundant. Kenn ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
RE: [rt-users] Proper way to set up a read-only user
Hi Todd, Thank you for writing. Apparently the Privileged global system group has Super User and Delegate Rights, plus every other right set up. I tried removing all the rights, so just Show Ticket and See Queue were available. I was then going to grant more rights on a group by group and/or user by user basis for those users who really need them. Unfortunately, I cannot revoke Super User and Delegate Rights from the Privileged global system group. So, when I create a user, with just See type rights, they can do anything they want (I did not place them in any group other than checking the box Let this user be granted rights). By the way, when I look in Rights Matrix, everything is set to Y for this user. I also checked the various queues, and the Privileged group has no rights, and the same goes for the user accounts. The privileges are assigned only at the global group level. We set up a global group for each queue; again the test user was not assigned to any group. One other observation, the NULL account, user id #1 is assign the Super User privilege, is this supposed be right? I tried to revoke it and RT will not let me do it. I did not set up RT originally, as the privilege set up was a carry over from the RT 2 system. I knew this was a bit of a mess, I just did not really know who much a mess it was. Anyway, what should be the defaults for the Everyone, Unprivileged and Privileged global system groups? Do I need to be logged into a special account to revoke Super User and Delegate rights from the Privileged global system group? I guess the next question, is this something I really want to do? Any insight would be greatly appreciated. Take care! Nick - Nick Metrowsky Consulting System Administrator 303-684-4785 Office 303-684-4100 Fax [EMAIL PROTECTED] DigitalGlobe (r), An Imaging and Information Company http://www.digitalglobe.com - -Original Message- From: Todd Chapman [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 14, 2006 2:02 PM To: Nick Metrowsky Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Proper way to set up a read-only user On Wed, Jun 14, 2006 at 10:22:21AM -0600, Nick Metrowsky wrote: Hi Everyone, I would like to set up users in RT which grant them the rights to view tickets and queues, but they cannot change anything. I would like them to have a user id and password, like privileged users. Is there a way to do this? I noticed that the Everyone and Unprivileged user designation allows users to only use the SelfService menu and that is just about it. Make them privileged but don't grant them any rights other thatn See/Show rights. -Todd ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
