Admin - Sample Permissions
Commercial
These permissions create a couple of partner groups, which use the private tickets plugin to restrict access to tickets where the user has had some kind of input.
trac-admin /path/to/projenv permission remove anonymous '*'
trac-admin /path/to/projenv permission remove authenticated '*'
trac-admin /path/to/projenv permission add group-all-users TICKET_VIEW
trac-admin /path/to/projenv permission add group-viewonly group-all-users
trac-admin /path/to/projenv permission add group-viewonly BROWSER_VIEW
trac-admin /path/to/projenv permission add group-viewonly CHANGESET_VIEW
trac-admin /path/to/projenv permission add group-viewonly FILE_VIEW
trac-admin /path/to/projenv permission add group-viewonly LOG_VIEW
trac-admin /path/to/projenv permission add group-viewonly MILESTONE_VIEW
trac-admin /path/to/projenv permission add group-viewonly REPORT_SQL_VIEW
trac-admin /path/to/projenv permission add group-viewonly REPORT_VIEW
trac-admin /path/to/projenv permission add group-viewonly ROADMAP_VIEW
trac-admin /path/to/projenv permission add group-viewonly SEARCH_VIEW
trac-admin /path/to/projenv permission add group-viewonly TICKET_VIEW_GROUP
trac-admin /path/to/projenv permission add group-viewonly TIMELINE_VIEW
trac-admin /path/to/projenv permission add group-viewonly WIKI_VIEW
trac-admin /path/to/projenv permission add group-contributor group-viewonly
trac-admin /path/to/projenv permission add group-contributor EMAIL_VIEW
trac-admin /path/to/projenv permission add group-contributor TICKET_CREATE
trac-admin /path/to/projenv permission add group-contributor TICKET_EDIT_DESCRIPTION
trac-admin /path/to/projenv permission add group-contributor TICKET_MODIFY
trac-admin /path/to/projenv permission add group-contributor WIKI_CREATE
trac-admin /path/to/projenv permission add group-contributor WIKI_MODIFY
trac-admin /path/to/projenv permission add group-viewonly-partner group-all-users
trac-admin /path/to/projenv permission add group-viewonly-partner REPORT_VIEW
trac-admin /path/to/projenv permission add group-viewonly-partner SEARCH_VIEW
trac-admin /path/to/projenv permission add group-viewonly-partner TICKET_VIEW_SELF
trac-admin /path/to/projenv permission add group-contributor-partner group-viewonly-partner
trac-admin /path/to/projenv permission add group-contributor-partner TICKET_CREATE
trac-admin /path/to/projenv permission add group-contributor-partner TICKET_MODIFY
trac-admin /path/to/projenv permission add bob group-contributor
trac-admin /path/to/projenv permission add zed group-viewonly
trac-admin /path/to/projenv permission add sam group-contributor-partner
trac-admin /path/to/projenv permission add kim group-viewonly-partner
Note: The TICKET_VIEW_GROUP and TICKET_VIEW_SELF permissions are
installed by the PrivateTicketsPlugin (Plugins).
I haven’t tested this updated configuration, but the idea is to create a group
which everyone belongs to (group-all-users). All tickets are therefore
owned by someone in this group. We give employees the TICKET_VIEW_GROUP
permission… they will be able to see all tickets because they will always
share a group with the target user. We give partners the TICKET_VIEW_SELF
permission so they can only see tickets where they are the reporter, owner or
CC’d.
Group
To create a group of users who have access to their own tickets (in this
example nhs is the group):
trac-admin /path/to/projenv permission add group-all-nhs-users TICKET_VIEW
trac-admin /path/to/projenv permission add group-viewonly-partner-nhs group-all-nhs-users
trac-admin /path/to/projenv permission add group-viewonly-partner-nhs REPORT_VIEW
trac-admin /path/to/projenv permission add group-viewonly-partner-nhs SEARCH_VIEW
trac-admin /path/to/projenv permission add group-viewonly-partner-nhs TICKET_VIEW_GROUP
trac-admin /path/to/projenv permission add group-contributor-partner-nhs group-viewonly-partner-nhs
trac-admin /path/to/projenv permission add group-contributor-partner-nhs TICKET_CREATE
trac-admin /path/to/projenv permission add group-contributor-partner-nhs TICKET_MODIFY