On Wednesday, May 14, 2014 1:44:50 PM UTC-7, hasienda wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 08.05.2014 11:50, russell gower wrote: > > Hi, > > I’m evaluating the SensitiveTicketsPlugin but I’ve hit a snag that may > > prevent me from using it, basically we don’t want users with TRAC_ADMIN > > privileges to see tickets marked as sensitive unless they would see them > > if they didn’t have the TRAC_ADMIN privilege, is this possible? > > Sorry for the late response, but No, you cannot do that because of > hard-coded TRAC_ADMIN behavior to inherit ANY action/permission defined > on a Trac system. >
My approach would be to reconsider the users to which you are granting TRAC_ADMIN. What actions do you wish those users to perform that requires they have TRAC_ADMIN and why don't you trust those users to see some tickets? Note that you can grant TRAC_ADMIN at the resource level using TracFineGrainedPermissions. That would allow you to revoke the coarse TRAC_ADMIN for those users that you don't wish to see the sensitive tickets, and grant them TRAC_ADMIN for specific resources. http://trac.edgewall.org/wiki/TracFineGrainedPermissions -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
