I ran into a similar thing with BlackMagic plugin - the one that lets you have field-level permissions. Wanted to grant access to financial fields to the finance folk - but not the whole company. I am pondering whether it's a good idea to just add a feature to trac to create a group of permissions which are not available to TRAC_ADMIN.
On Wednesday, May 28, 2014 12:50:31 PM UTC-7, RjOllos wrote: > > On Wednesday, May 14, 2014 1:44:50 PM UTC-7, hasienda wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 08.05.2014 11:50, russell gower wrote: >> > Hi, >> > I’m evaluating the SensitiveTicketsPlugin but I’ve hit a snag that may >> > prevent me from using it, basically we don’t want users with TRAC_ADMIN >> > privileges to see tickets marked as sensitive unless they would see >> them >> > if they didn’t have the TRAC_ADMIN privilege, is this possible? >> >> Sorry for the late response, but No, you cannot do that because of >> hard-coded TRAC_ADMIN behavior to inherit ANY action/permission defined >> on a Trac system. >> > > My approach would be to reconsider the users to which you are granting > TRAC_ADMIN. What actions do you wish those users to perform that requires > they have TRAC_ADMIN and why don't you trust those users to see some > tickets? > > Note that you can grant TRAC_ADMIN at the resource level using > TracFineGrainedPermissions. That would allow you to revoke the coarse > TRAC_ADMIN for those users that you don't wish to see the sensitive > tickets, and grant them TRAC_ADMIN for specific resources. > http://trac.edgewall.org/wiki/TracFineGrainedPermissions > > -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
