Interesting...I have 26 rows, all principal types of group. Of that, there are 9 unique principal ids. If I add the 3 system groups and our 6 user groups, we have 9. Thanks for the sql...I'll look around and see why these have that right, where it came from, and I'll post back.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ruslan Zakirov Sent: Thursday, October 06, 2011 9:49 AM To: Izz Abdullah Cc: [email protected] Subject: Re: [rt-users] skip the queue selection for unprivileged users Hi, Unprivileged users still can be in some groups. Use SELECT * FROM ACL WHERE RightName = 'SeeQueue'; This may give you a clue. On Thu, Oct 6, 2011 at 3:59 PM, Izz Abdullah <[email protected]> wrote: > That is what I thought, but I can only 'see' the privileged users in the web > UI since we are using LDAP authentication. So if I go instead to > Tools->Configuration->Global->Group Rights, I have already removed the rights > for 'Everyone' and 'Unprivileged'. These two groups have no rights at all at > the global level. The user groups we have defined are limited to privileged > users, so this is why I am stumped removing the rights hasn't solved my > problem. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Ruslan Zakirov > Sent: Thursday, October 06, 2011 8:54 AM > To: Izz Abdullah > Cc: [email protected] > Subject: Re: [rt-users] skip the queue selection for unprivileged users > > Hi, > > Then SeeQueue and CreateTicket is granted to too many users. > > On Thu, Oct 6, 2011 at 3:44 PM, Izz Abdullah <[email protected]> wrote: >> So I have removed all the rights from a 3.8.4 migrated database into 4.0.2 >> for unprivileged users on all queues except the ‘General’ queue. I also >> have set in the SiteConfig file the DefaultQueue to “General”, but >> unprivileged users still receive a screen for ‘Queue selection’ when >> creating a new ticket, AND it allows them to create tickets in queues other >> than the General queue. >> >> >> >> I am a bit stumped on this. If I have removed the permissions, why can >> unprivileged users still see and create tickets in other queues? >> >> >> >> We have, for example Queue1, Queue2, Queue3, etc. >> >> I don’t want them to see or access Queue1 – QueueN, but ONLY the General >> Queue. >> >> -------- >> RT Training Sessions (http://bestpractical.com/services/training.html) >> * San Francisco, CA, USA — October 18 & 19, 2011 >> * Washington DC, USA — October 31 & November 1, 2011 >> * Barcelona, Spain — November 28 & 29, 2011 >> > > > > -- > Best regards, Ruslan. > -------- > RT Training Sessions (http://bestpractical.com/services/training.html) > * San Francisco, CA, USA October 18 & 19, 2011 > * Washington DC, USA October 31 & November 1, 2011 > * Barcelona, Spain November 28 & 29, 2011 -- Best regards, Ruslan. -------- RT Training Sessions (http://bestpractical.com/services/training.html) * San Francisco, CA, USA October 18 & 19, 2011 * Washington DC, USA October 31 & November 1, 2011 * Barcelona, Spain November 28 & 29, 2011
