
Hi all,

Do the "group ro" fields in Frontend::Admin::ModuleRegistration work at all? Or am I missing something?

For example, I've set the "group ro" field to "users" in Frontend::Module###AdminUser, and, while setting it so does allow users to see the "Agents" entry, it also allows them to change agents (as if they would have rw access). I couldn't figure out yet how to give them ro access only.

Is it possible to only give read-only access to admin modules?

Best regards,
Cyrille Bollu

Hi Cyrille,

That’s a common misunderstanding in OTRS! Group_ro only means that you only need “ro” permissions to access the module. What you can do within the module is not limited or controlled by this setting. The module AdminUser doesn’t have a deeper permission concept. If you can access the module you can administrate agents/users, nothing else - no further magic or hacks here.

On 12.03.2012, at 20:33, cyrille wrote:

> Do the "group ro" fields in Frontend::Admin::ModuleRegistration work at all? Or am I missing something?
>
> For example, I've set the "group ro" field to "users" in Frontend::Module###AdminUser, and, while setting it so does allow users to see the "Agents" entry, it also allows them to change agents (as if they would have rw access). I couldn't figure out yet how to give them ro access only.
>
> Is it possible to only give read-only access to admin modules?

Cheers,
Nils
--
http://webint.cryptonode.de / a Fractal project

Hi Nils,

Thank you for your answer; I hadn't found this information anywhere in the doc.

Cyrille

On 12/03/2012 13:43, Nils Leideck wrote:

> Hi Cyrille,
>
> That’s a common misunderstanding in OTRS! Group_ro only means that you only need “ro” permissions to access the module. What you can do within the module is not limited or controlled by this setting. The module AdminUser doesn’t have a deeper permission concept. If you can access the module you can administrate agents/users, nothing else - no further magic or hacks here.
>
> Cheers, Nils

--
Cyrille Bollu
Belnet • ICT & Logistics
Louizalaan 231 Avenue Louise
Brussel 1050 Bruxelles
België • Belgique
T: +32 2 790 33 33
www.belnet.be

Hi Cyrille,

that is because it is not in the docs :-(

On 13.03.2012, at 19:18, Cyrille Bollu wrote:

> Thank you for your answer; I hadn't found this information anywhere in the doc.

Cheers,
Nils
--
http://webint.cryptonode.de / a Fractal project

Hi,
I've realised that my explanation may be a little bit short in detail.
So, here's more:
I've changed the configuration so that the AdminUser module would be
viewable by the superusers group.
Here's the corresponding configuration in file
Kernel/Config/Files/ZZZAuto.pm:
    $Self->{'Frontend::Module'}->{'AdminCustomerUser'} = {
        'Description' => 'Edit Customers',
        'Group' => [
            'admin'
        ],
        # the GroupRo entry below was emphasized in the original message
        'GroupRo' => [
            'superusers'
        ],
        'Loader' => {
            'JavaScript' => [
                'Core.Agent.TicketAction.js'
            ]
        },
        'NavBar' => [
            {
                'AccessKey' => 'c',
                'Block' => 'ItemArea',
                'Description' => '',
                'Link' => 'Action=AdminCustomerUser;Nav=Agent',
                'LinkOption' => '',
                'Name' => 'Customers',
                'NavBar' => 'Customers',
                'Prio' => '9000',
                'Type' => 'Menu'
            }
        ],
        'NavBarModule' => {
            'Block' => 'Customer',
            'Description' => 'Create and manage customers.',
            'Module' => 'Kernel::Output::HTML::NavBarModuleAdmin',
            'Name' => 'Customers',
            'Prio' => '300'
        },
        'NavBarName' => 'Customers',
        'Title' => 'Customers'
    };
But, that doesn't work: superusers members still can edit/create users.
Do you have any idea why?
Best regards,
Cyrille
-------- Original Message --------
Subject: [otrs] "group ro" and the admin module
Date: Mon, 12 Mar 2012 11:33:24 +0100
From: cyrille

Sorry, I forgot to say I'm using OTRS::ITSM 3.1.1

BR,
Cyrille

On 12/03/12 20:42, cyrille wrote:

> Hi,
>
> I've realised that my explanation may be a little bit short in detail.
> So, here's more:
>
> I've changed the configuration so that the AdminUser module would be viewable by the superusers group.
>
> Here's the corresponding configuration in file Kernel/Config/Files/ZZZAuto.pm:
>
>     $Self->{'Frontend::Module'}->{'AdminCustomerUser'} = {
>         'Description' => 'Edit Customers',
>         'Group' => [ 'admin' ],
>         # the GroupRo entry below was emphasized in the original message
>         'GroupRo' => [ 'superusers' ],
>         'Loader' => { 'JavaScript' => [ 'Core.Agent.TicketAction.js' ] },
>         'NavBar' => [
>             {
>                 'AccessKey' => 'c',
>                 'Block' => 'ItemArea',
>                 'Description' => '',
>                 'Link' => 'Action=AdminCustomerUser;Nav=Agent',
>                 'LinkOption' => '',
>                 'Name' => 'Customers',
>                 'NavBar' => 'Customers',
>                 'Prio' => '9000',
>                 'Type' => 'Menu'
>             }
>         ],
>         'NavBarModule' => {
>             'Block' => 'Customer',
>             'Description' => 'Create and manage customers.',
>             'Module' => 'Kernel::Output::HTML::NavBarModuleAdmin',
>             'Name' => 'Customers',
>             'Prio' => '300'
>         },
>         'NavBarName' => 'Customers',
>         'Title' => 'Customers'
>     };
>
> But, that doesn't work: superusers members still can edit/create users.
>
> Do you have any idea why?
>
> Best regards,
> Cyrille
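
An added example, not part of the thread and not OTRS code: since, as Nils explains above, Group and GroupRo both only decide who may open a module, this Perl script lists administrative modules that groups other than the expected admin groups can reach. The sample registration hash, the trusted-group list and the `Admin` name-prefix filter are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in the shape of the Frontend::Module entries quoted
# in the thread; only the two access keys are kept.
my %FrontendModule = (
    AdminCustomerUser => { Group => ['admin'], GroupRo => ['superusers'] },
    AdminUser         => { Group => ['admin'], GroupRo => ['users'] },
    AdminQueue        => { Group => ['admin'], GroupRo => [] },
    AgentTicketZoom   => { Group => [],        GroupRo => [] },
);

# Assumption: only these groups are meant to hold administrative rights.
my %Trusted = map { $_ => 1 } qw(admin);

# Returns one "Module: Key=group" string for every Admin* module that a
# group outside %Trusted can open. Group and GroupRo are treated alike,
# because either one is enough to enter the module and nothing inside
# AdminUser-style modules distinguishes ro from rw.
sub AuditAdminModules {
    my ( $Modules, $TrustedGroups ) = @_;
    my @Findings;
    for my $Name ( sort keys %{$Modules} ) {
        next if $Name !~ /^Admin/;    # assumption: admin modules share this prefix
        for my $Key (qw(Group GroupRo)) {
            for my $Group ( @{ $Modules->{$Name}{$Key} || [] } ) {
                next if $TrustedGroups->{$Group};
                push @Findings, "$Name: $Key=$Group";
            }
        }
    }
    return @Findings;
}

print "$_ (members can use the whole module)\n"
    for AuditAdminModules( \%FrontendModule, \%Trusted );
```

With the constructed sample it reports `AdminCustomerUser: GroupRo=superusers` and `AdminUser: GroupRo=users`, the two settings discussed in the thread.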