To List & Kevin & Jeff,
Whomever created RightsMatrix, I owe them a beer. Actually a pitcher.
I SSOOOOOOOOOOO embarrassed by this mistake. However, confession is good for
the soul.
I’ve been on 3.6.4 so for so long, I completely forgot that 3.8.7 allows the
granting of “SuperUser” at the group level, whereas in 3.6.4, that was not
possible. I am BIG on *not *granting rights to individual users, but because
of 3.6.4, I had granted the “SuperUser” right to a few individuals.
Then along comes 3.8.7 and I had found out we could grant “SuperUser” at the
group level so I did. Then just recently, wanted to do a test and the
person I wanted to do the test was a “SuperUser”. Since that would defeat
the test, I removed the “SuperUser” right for that individual, but forgot
about that right having been granted for a group he was in. So when I looked
at his individual rights, he shouldn’t have that right, yet he was creating
a ticket. So I finally woke up and used RightsMatrix and clicked the Y under
that right under “ALL” and lo and behold, the answer.
It is now corrected and it works fine.
The problem with the never-ending email loop is, of course, unrelated. We
think it has to do with the “Timeline” directory/code bumping into
“CommandByMail” directory/code in that Takeaction seems to keep repeating
it’s rejection. We’re going to remove TImeline and try again.
Thanks again for your time and effort.
Kenn
LBNLOn Thu, Apr 22, 2010 at 6:53 AM, Kevin Falcone falcone@bestpractical.comwrote:
On Wed, Apr 21, 2010 at 01:39:04PM -0700, Kenneth Crocker wrote:
- Email from any RT User creates a ticket in a queue, EVEN when the
right “CreateTicket” has
NOT been applied to that User/group/role/Sys group for that Queue. It
still gets in and
becomes a ticket. I checked the rights on this VERY thoroughly.
You must have a misconfiguration, setting up a vanilla 3.8.7 with a
user who has no CreateTicket rights anywhere and injecting mail from
that user gets
not ok - Ticket creation failed: No permission to create tickets in
the queue ‘General’
as a result. This is because Auth::MailFrom will reject the user
before CommandByMail gets to it
- Email from NON-RT Users and NON-LDAP Users gets sent back to the
“from” address in a
never-ending loop.
I know how to turn off the loop, by temporarily turning off
“TakeAction:” from the Plugin and
then bouncing RT.
The two questions I have are:
It isn’t clear to me why notifying the From: in your environment
causes a loop
-kevin
Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com