Hi, ATM the right management is like this: Situation: Our computing department is divided into several groups, i.e. FirstLevel-Support, Mail-Team, Networking-Team, PC-Support etc. Each team has different queues for different 'sub'-problems. For example: Mail-Team: main-queue Mail sub-queues imapserver, webmail, listserver PC-Support: main-queue PC-Support sub-queues Windows, Office-SW, other OS, other Application Networking-Team: main Network sub IP, cabling, security We have three different 'incoming'-Queues FirstLevel is responsible for. (Support, abuse, viruses) All users should be able to read, create and move in all Queues to pass tickets. All users should full access to the incoming queues. And each team member should have full access to all team-queues With the current rights-scheme I had to set up like this: One Group 'All users' which owns the Firstlevel-Queues and has all users as full members and one group for each team for the associated 'Team'-queues which has all Team-Members as full users and all others with ro,create,move_into. We have about 50 Users. I needed almost one hour to have all rights set up :-( I would like to see the following: Relationship "user -- group": Just user is member in these groups .... and group members are ... Relationship "group -- queue": Each queue has an 'Owner'-Group which always has full access and each queue can have 'additional' groups where the rights can be set like the current scheme In my example: queue PC-Support:Windows, owner group "PC-Support" additional rights: group "Mail-Team" ro,create,move_into" to make it perfect: Relationship "user -- queue": it should be possible to give rights to single users like User x from Networking team has full access to Mail:imapserver this would really great. -- Jörg Friedrich