Hi all,
We’ve just discovered something odd. It seems that all users can comment on
tickets, even though we’ve removed the “comment on tickets” right
everywhere we’ve found it–all groups, privileged users, everyone, etc. I
could simply remove the comment action from the actions list, but I’d
rather find out why the right revoking isn’t doing what I thought.
Is there a way to search the RT database to see where this right is
enabled, to check that none of us (admins) missed it somewhere? Is there a
second right that might cause this action to appear, that isn’t called
“comment on tickets”? Maybe we’ve just overlooked something seemingly not
important but that actually causes commenting to be granted?
To clarify my “search the database” question: I know SQL and how to query
the RT database. I just don’t know which tables or columns to include, or
what value to look for. Thanks.
Hi Alex,On Thu, Dec 15, 2016 at 8:28 AM, Alex Hall ahall@autodist.com wrote:
Hi all,
We’ve just discovered something odd. It seems that all users can comment on
tickets, even though we’ve removed the “comment on tickets” right everywhere
we’ve found it–all groups, privileged users, everyone, etc. I could simply
remove the comment action from the actions list, but I’d rather find out why
the right revoking isn’t doing what I thought.
Is there a way to search the RT database to see where this right is enabled,
to check that none of us (admins) missed it somewhere? Is there a second
right that might cause this action to appear, that isn’t called “comment on
tickets”? Maybe we’ve just overlooked something seemingly not important but
that actually causes commenting to be granted?
To clarify my “search the database” question: I know SQL and how to query
the RT database. I just don’t know which tables or columns to include, or
what value to look for. Thanks.
I’ve just discovered that “modify tickets” includes–for some strange
reason–the comment right. Thus, if we want users to be able to modify
other aspects of tickets, they automatically get granted the right to
comment as well. This seems like an odd decision, but at least I think I’ve
found the problem.
Back to removing the option from the Actions menu, then. I’ve been
searching, but I don’t know where this action gets added. I’ve found a few
places where some actions are added to @Actions, but never “comment”.
You mentioned a rights debugger in 4.6. Is 4.6 out for testing? Rights
debugging sounds very useful!On Thu, Dec 15, 2016 at 11:56 AM, Matt Zagrabelny mzagrabe@d.umn.edu wrote:
Hi all,
We’ve just discovered something odd. It seems that all users can comment
on
tickets, even though we’ve removed the “comment on tickets” right
everywhere
we’ve found it–all groups, privileged users, everyone, etc. I could
simply
remove the comment action from the actions list, but I’d rather find out
why
the right revoking isn’t doing what I thought.
Is there a way to search the RT database to see where this right is
enabled,
to check that none of us (admins) missed it somewhere? Is there a second
right that might cause this action to appear, that isn’t called “comment
on
tickets”? Maybe we’ve just overlooked something seemingly not important
but
that actually causes commenting to be granted?
To clarify my “search the database” question: I know SQL and how to query
the RT database. I just don’t know which tables or columns to include, or
what value to look for. Thanks.
I’ve just discovered that “modify tickets” includes–for some strange
reason–the comment right. Thus, if we want users to be able to modify
other aspects of tickets, they automatically get granted the right to
comment as well. This seems like an odd decision, but at least I think
I’ve found the problem.
Back to removing the option from the Actions menu, then. I’ve been
searching, but I don’t know where this action gets added. I’ve found a
few places where some actions are added to @Actions, but never “comment”.