From Request Tracker Wiki
Jump to navigation Jump to search

On Tue, 20 Apr 2004, joe ritter wrote:

> I am new to RT and have question of the role of Privileged users. How is this role intended to be used exactly? <

All your staff should be privileged; some staff can be more privileged than other staff.

If you configure customers with "let this user access RT: yes" and "let this user be granted privileges: no" and grant them proper rights (CommentOnTicket, CreateTicket, ReplyToTicket, SeeQueue) to the Everyone group (global->system), they will be able to use the Self'Service' interface and see their own tickets. Related groups are Requestor, CC.

There are at least three dimensions of permissions in RT:

  1. The permission itself: things like SeeQueue, CreateTicket, ReplyToTicket, CommentOnTicket, ShowTicket, ShowTicketComments, etc.
  2. Who the permission is assigned to: an individual user, a locally-defined group (like "sales staff", "support staff", "all staff", "customer X"), a system-defined group that applies equally to all tickets (like Everyone or Privileged users), or a system-defined pseudo-group (such as Requestor, CC or Owner) for which every ticket has different members.
  3. Whether it's a global or a per-queue permission.

If you define a user as Privileged, then that user is made a member of the Privileged group in addition to the Everyone group. Only privileged users can be added to locally-defined groups, and be assigned permissions directly. However, unprivileged users can still inherit any permissions that you assign to pseudo-groups like Requestor or CC in addition to the Everyone group.

To grant all staff the right to see all tickets in all queues, define an "all staff" group and assign ShowTicket permission at the global level.

To grant sales staff the right to create tickets in the support queue only, define a "sales staff" group and assign that group the SeeQueue and CreateTicket permission in the "support" queue.

If you want to give everyone the right to see their own tickets in all queues (even in queues that they would normally not be allowed to use), assign Owner and Requestor the ShowTicket permission at the global level.

RT permissions are very flexible, and you may have to experiment before you find settings that work for you.

--apb (Alan Barrett)

-- edited 06/25/2004 (Shane Chen)