KFCrocker at lbl
Jun 15, 2006, 9:39 AM
Post #2 of 11
(1538 views)
Permalink
|
Matthew Hunt wrote:
> Hello all,
>
> Just a kwik one, I have several queues and several groups, but I only
> want these individual groups to only view the "10 newest unowned
> tickets..." of there group. At the mo they can see all tickets that
> have not been taken which i do not want. To make it even more simpler,
> for me and any coding, is that they cannot see this area at all, but
> only look into there own queues from the right hand Quick search bar.
> If any one has any info or coding on this I would be most grateful.
>
> Many thanks
>
Matthew,
Get away from global privileges, except for yourself (set up
yourself as SuperUser, no one else except maybe a backup). Set up
groups, like "Queuename-Tech" or "Queuename-Support" and
"Queuename-User". Put users in these groups as appropriate. Remove all
individual user privileges at both the Global and Queue level. Set your
Global group privileges for "EVERYONE" or "PRIVILEGED" (depends on how
you initially set up users when you add them to RT) to
ShowOutgoingEmail, CreateSavedSearch, EditSavedSearches,
LoadSavedSearch, ShowSavedSearches, and ModifySelf (ModifySelf is
required in conjunction with all the search rights if you want people to
create and save their own queries). Set up the Global Role of AdminCc
with the rights you want for all those users running/Administrating a
Queue (for example; We gave this global role all rights except:
AdminAllPersonalGroups, AdminCustomField, AdminOwnPersonalGroups, all
the Search rights because we already gave that to everyone,
ModifyTemplate, Superuser, and Watch. We did this because we like to
keep redundant and inconsistent creation of custom fields and group
names, etc. to a minimum so we do those things ourselves as the
administrators of RT itself as Superusers). That's it for Global rights.
Then, go to Configuration, Queues, Group rights and set up the rights
you want for each role *FOR THAT QUEUE* (for example; *For CC's* -
SeeQueue, ShowTicket, Watch. *For Requestors* - CreateTicket, SeeQueue,
ShowTicket, ReplyToTicket,Watch. *For Owners* - CommentOnTicket,
CreateTicket, ModifyTicket, DeleteTicket, OwnTicket, ReplyToTicket,
ShowTicket, SeeQueue, ShowTicketComments, ShowTemplate, TakeTicket,
Watch). Then set up the rights for each *group* you want to have access
*TO THAT QUEUE* for the kind of access you want them to have and you're
done. You might want to consider giving the same rights that are listed
for Owners to your support groups and then you can Remove the rights
from the Qwner's role (because of redundancy) OR you could just give
OwnTicket to that group and leave the Owners role with those rights I
listed. This keeps users from Queues and tickets you don't want them to
se or mess with. Works great for us. We even have our own Approval Queue
to act as a filter for requests that should not go to Technical Queues
at all but could be resolved by a Business Analyst, etc. Hope this helps.
Kenn
LBNL
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sales [at] bestpractical
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
|
