You need to ask the ticket raiser exactly what they want the comsat user to be able to do.
You can (should) give comsat their own uid AND (exclusive) gid, but after that its really down to protecting other users by making sure they don't add other/world perms.
Read only access to a given app or database is likely more realistic.
Of course if you have an OS that has role-based profiles available, it may be do-able.
Last edited by chrism01; 04-22-2014 at 07:46 AM.