Default password

The default password ‘password’ isn’t working for me (do I have a black
thumb of death or what? :slight_smile: ). I haven’t been able to find anything
about resetting it.

The default password ‘password’ isn’t working for me (do I have a black
thumb of death or what? :slight_smile: ). I haven’t been able to find anything
about resetting it.

I found RecoverRootPassword - Request Tracker Wiki
However… it doesn’t help :frowning:

mysql> update Users set Password=‘X03MO1qnZdYdgyfeuILPmQ’ where
Name=‘root’;
Query OK, 0 rows affected (0.00 sec)
Rows matched: 0 Changed: 0 Warnings: 0

mysql> UPDATE Users SET Password=‘X03MO1qnZdYdgyfeuILPmQ’ WHERE
Name=‘root’;
Query OK, 0 rows affected (0.01 sec)
Rows matched: 0 Changed: 0 Warnings: 0

0 rows affected sounds like there is no username “root”?

John Oliver wrote:

I found RecoverRootPassword - Request Tracker Wiki
However… it doesn’t help :frowning:

mysql> update Users set Password=‘X03MO1qnZdYdgyfeuILPmQ’ where
Name=‘root’;
Query OK, 0 rows affected (0.00 sec)
Rows matched: 0 Changed: 0 Warnings: 0

mysql> UPDATE Users SET Password=‘X03MO1qnZdYdgyfeuILPmQ’ WHERE
Name=‘root’;
Query OK, 0 rows affected (0.01 sec)
Rows matched: 0 Changed: 0 Warnings: 0

0 rows affected sounds like there is no username “root”
mysql -u (whatever) -p (if needed)
then you need to change to the rt db
use “name_of_rt_db”
then you can reset the passwd.

At Tuesday 7/31/2007 04:33 PM, John Oliver wrote:

The default password ‘password’ isn’t working for me (do I have a black
thumb of death or what? :slight_smile: ). I haven’t been able to find anything
about resetting it.

http://wiki.bestpractical.com/view/RecoverRootPassword

Steve

John Oliver wrote:

I found RecoverRootPassword - Request Tracker Wiki
However… it doesn’t help :frowning:

mysql> update Users set Password=‘X03MO1qnZdYdgyfeuILPmQ’ where
Name=‘root’;
Query OK, 0 rows affected (0.00 sec)
Rows matched: 0 Changed: 0 Warnings: 0

mysql> UPDATE Users SET Password=‘X03MO1qnZdYdgyfeuILPmQ’ WHERE
Name=‘root’;
Query OK, 0 rows affected (0.01 sec)
Rows matched: 0 Changed: 0 Warnings: 0

0 rows affected sounds like there is no username “root”
mysql -u (whatever) -p (if needed)
then you need to change to the rt db
use “name_of_rt_db”
then you can reset the passwd.

Yes, I know… :slight_smile:

[root@rt3 ~]# mysql -h ntdbs01 -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 5.0.22

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> use rt3;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> update Users set Password=‘X03MO1qnZdYdgyfeuILPmQ’ where
Name=‘root’;
Query OK, 0 rows affected (0.00 sec)
Rows matched: 0 Changed: 0 Warnings: 0

mysql> UPDATE Users SET Password=‘X03MO1qnZdYdgyfeuILPmQ’ WHERE
Name=‘root’;
Query OK, 0 rows affected (0.01 sec)
Rows matched: 0 Changed: 0 Warnings: 0

I shouldn’t have to manually add a ‘root’ user. Right?

John Oliver wrote:

I shouldn’t have to manually add a ‘root’ user. Right?

after use rt3 do show tables
then
select * from Users

is root in there ?

John Oliver wrote:

I shouldn’t have to manually add a ‘root’ user. Right?

after use rt3 do show tables
then
select * from Users

is root in there ?

No.

But the tables are there…

[root@rt3 ~]# mysql -h ntdbs01 -u rt_user -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 18
Server version: 5.0.22

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> use rt3;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
| Tables_in_rt3 |
| ACL |
| Attachments |
| Attributes |
| CachedGroupMembers |
| CustomFieldValues |
| CustomFields |
| GroupMembers |
| Groups |
| Links |
| ObjectCustomFieldValues |
| ObjectCustomFields |
| Principals |
| Queues |
| ScripActions |
| ScripConditions |
| Scrips |
| Templates |
| Tickets |
| Transactions |
| Users |
| sessions |
21 rows in set (0.00 sec)

Absolutely bizarre.

OK, how do I add a root user correctly?

Have you any users in your Users table, if not then I would recommend
re-installing RT, cause you need more than just the root user like the
user Nobody and RT_System.

Rgds;
Roy

John Oliver wrote:> On Tue, Jul 31, 2007 at 02:53:50PM -0700, Chaim Rieger wrote:

John Oliver wrote:

I shouldn’t have to manually add a ‘root’ user. Right?

after use rt3 do show tables
then
select * from Users

is root in there ?

No.

But the tables are there…

[root@rt3 ~]# mysql -h ntdbs01 -u rt_user -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 18
Server version: 5.0.22

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> use rt3;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
±------------------------+
| Tables_in_rt3 |
±------------------------+
| ACL |
| Attachments |
| Attributes |
| CachedGroupMembers |
| CustomFieldValues |
| CustomFields |
| GroupMembers |
| Groups |
| Links |
| ObjectCustomFieldValues |
| ObjectCustomFields |
| Principals |
| Queues |
| ScripActions |
| ScripConditions |
| Scrips |
| Templates |
| Tickets |
| Transactions |
| Users |
| sessions |
±------------------------+
21 rows in set (0.00 sec)

Absolutely bizarre.

OK, how do I add a root user correctly?

Have you any users in your Users table, if not then I would recommend
re-installing RT, cause you need more than just the root user like the
user Nobody and RT_System.

Reinstall???

Wouldn’t dropping the database and re-running rt-setup-database, in
theory, be sufficient?

Which leads to another problem…

[root@rt3 ~]# /usr/sbin/rt-setup-database --action init --dba rt_user
–prompt-for-dba-password
In order to create or update your RT database,this script needs to
connect to your mysql instance on 10.12.14.149 as rt_user.
Please specify that user’s database password below. If the user has no
database
password, just press return.

Password:
Now creating a database for RT.
Creating mysql database rt3.
Now populating database schema.
Creating database schema.
readline() on closed filehandle SCHEMA_LOCAL at
/usr/sbin/rt-setup-database line 192.
Done setting up database schema.
Now inserting database ACLs
DBD::mysql::st execute failed: Access denied for user
‘rt_user’@‘10.12.14.164’ to database ‘mysql’ at
/usr/sbin/rt-setup-database line 345.
Problem with statement:
USE mysql;
Access denied for user ‘rt_user’@‘10.12.14.164’ to database ‘mysql’ at
/usr/sbin/rt-setup-database line 346.

rt-setup-database apparantly can start setting up the database, but runs
into a problem because it tries to access the ‘mysql’ database. I
dropped the rt3 database and granted all to rt_user, but it still fails.
So… what is the correct way to initialize the rt3 database?

Yes all you need is ~]# /usr/sbin/rt-setup-database and all mysql related
stuff as per the read me …
have a look at the wiki installation document it explains how to deal with
your error.
Roy----- Original Message -----
From: “John Oliver” joliver@john-oliver.net
To: rt-users@lists.bestpractical.com
Sent: Wednesday, August 01, 2007 6:41 PM
Subject: Re: [rt-users] Default password

On Wed, Aug 01, 2007 at 06:09:42PM +0100, Roy El-Hames wrote:

Have you any users in your Users table, if not then I would recommend
re-installing RT, cause you need more than just the root user like the
user Nobody and RT_System.

Reinstall???

Wouldn’t dropping the database and re-running rt-setup-database, in
theory, be sufficient?

Which leads to another problem…

[root@rt3 ~]# /usr/sbin/rt-setup-database --action init --dba rt_user
–prompt-for-dba-password
In order to create or update your RT database,this script needs to
connect to your mysql instance on 10.12.14.149 as rt_user.
Please specify that user’s database password below. If the user has no
database
password, just press return.

Password:
Now creating a database for RT.
Creating mysql database rt3.
Now populating database schema.
Creating database schema.
readline() on closed filehandle SCHEMA_LOCAL at
/usr/sbin/rt-setup-database line 192.
Done setting up database schema.
Now inserting database ACLs
DBD::mysql::st execute failed: Access denied for user
‘rt_user’@‘10.12.14.164’ to database ‘mysql’ at
/usr/sbin/rt-setup-database line 345.
Problem with statement:
USE mysql;
Access denied for user ‘rt_user’@‘10.12.14.164’ to database ‘mysql’ at
/usr/sbin/rt-setup-database line 346.

rt-setup-database apparantly can start setting up the database, but runs
into a problem because it tries to access the ‘mysql’ database. I
dropped the rt3 database and granted all to rt_user, but it still fails.
So… what is the correct way to initialize the rt3 database?




The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Have you any users in your Users table, if not then I would recommend
re-installing RT, cause you need more than just the root user like the
user Nobody and RT_System.

Reinstall???

Wouldn’t dropping the database and re-running rt-setup-database, in
theory, be sufficient?
should

Which leads to another problem…

[root@rt3 ~]# /usr/sbin/rt-setup-database --action init --dba rt_user
–prompt-for-dba-password
In order to create or update your RT database,this script needs to
connect to your mysql instance on 10.12.14.149 as rt_user.
Please specify that user’s database password below. If the user has no
database
password, just press return.

Password:
Now creating a database for RT.
Creating mysql database rt3.
Now populating database schema.
Creating database schema.
readline() on closed filehandle SCHEMA_LOCAL at
/usr/sbin/rt-setup-database line 192.
Done setting up database schema.
Now inserting database ACLs
DBD::mysql::st execute failed: Access denied for user
‘rt_user’@‘10.12.14.164’ to database ‘mysql’ at
/usr/sbin/rt-setup-database line 345.
Problem with statement:
USE mysql;
Access denied for user ‘rt_user’@‘10.12.14.164’ to database ‘mysql’ at
/usr/sbin/rt-setup-database line 346.

rt-setup-database apparantly can start setting up the database, but runs
into a problem because it tries to access the ‘mysql’ database. I
dropped the rt3 database and granted all to rt_user, but it still fails.
So… what is the correct way to initialize the rt3 database?
Here is the DatabaseRTHost option in the config that comes into play.
Set it to ‘10.12.14.164’ before running make initdb. As well you can
use --with-db-rt-host option of the configure script to set it, note
that you MUST run make install again before make initdb in this
case.




The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Best regards, Ruslan.

Here is the DatabaseRTHost option in the config that comes into play.
Set it to ‘10.12.14.164’ before running make initdb. As well you can
use --with-db-rt-host option of the configure script to set it, note
that you MUST run make install again before make initdb in this
case.

Ahh!

Now I’m getting closer.

[root@rt3 ~]# /usr/sbin/rt-setup-database --action init --dba root
–prompt-for-dba-password
In order to create or update your RT database,this script needs to
connect to your mysql instance on 10.12.14.149 as root.
Please specify that user’s database password below. If the user has no
database
password, just press return.

Password:
Now creating a database for RT.
Creating mysql database rt3.
Now populating database schema.
Creating database schema.
readline() on closed filehandle SCHEMA_LOCAL at
/usr/sbin/rt-setup-database line 192.
Done setting up database schema.
Now inserting database ACLs
DBD::mysql::st execute failed: Access denied for user
‘root’@‘10.12.14.164’ to database ‘rt3’ at /usr/sbin/rt-setup-database
line 345.
Problem with statement:
GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE ON rt3.* TO
rt_user@‘10.12.14.164’ IDENTIFIED BY ‘***********’;
Access denied for user ‘root’@‘10.12.14.164’ to database ‘rt3’ at
/usr/sbin/rt-setup-database line 346.

On the MySQL server, I did:

grant all on . to ‘root’@‘10.12.14.164’ identified by ‘********’

but am still getting that error.

Thanks!

Well, sounds like you have a mysql problem now. While logged into your RT
host, and assuming you have a mysql client installed, can you successfully
connect the mysqld instance on 10.12.14.164? What happens when you do:

mysql -u root -p -h 10.12.14.164

What about:

mysql -u root -p -h 10.12.14.164 rt3

In the examples above, you will be prompted for the password.

James Moseley

         John Oliver                                                   
         <joliver@john-oli                                             
         ver.net>                                                   To 
         Sent by:                  rt-users@lists.bestpractical.com    
         rt-users-bounces@                                          cc 
         lists.bestpractic                                             
         al.com                                                Subject 
                                   Re: [rt-users] Default password     
                                                                       
         08/02/2007 01:09                                              
         PMOn Thu, Aug 02, 2007 at 02:39:18AM +0400, Ruslan Zakirov wrote:

Here is the DatabaseRTHost option in the config that comes into play.
Set it to ‘10.12.14.164’ before running make initdb. As well you can
use --with-db-rt-host option of the configure script to set it, note
that you MUST run make install again before make initdb in this
case.

Ahh!

Now I’m getting closer.

[root@rt3 ~]# /usr/sbin/rt-setup-database --action init --dba root
–prompt-for-dba-password
In order to create or update your RT database,this script needs to
connect to your mysql instance on 10.12.14.149 as root.
Please specify that user’s database password below. If the user has no
database
password, just press return.

Password:
Now creating a database for RT.
Creating mysql database rt3.
Now populating database schema.
Creating database schema.
readline() on closed filehandle SCHEMA_LOCAL at
/usr/sbin/rt-setup-database line 192.
Done setting up database schema.
Now inserting database ACLs
DBD::mysql::st execute failed: Access denied for user
‘root’@‘10.12.14.164’ to database ‘rt3’ at /usr/sbin/rt-setup-database
line 345.
Problem with statement:
GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE ON rt3.* TO
rt_user@‘10.12.14.164’ IDENTIFIED BY ‘***********’;
Access denied for user ‘root’@‘10.12.14.164’ to database ‘rt3’ at
/usr/sbin/rt-setup-database line 346.

On the MySQL server, I did:

grant all on . to ‘root’@‘10.12.14.164’ identified by ‘********’

but am still getting that error.

Thanks!

http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Well, sounds like you have a mysql problem now. While logged into your RT
host, and assuming you have a mysql client installed, can you successfully
connect the mysqld instance on 10.12.14.164? What happens when you do:

mysql -u root -p -h 10.12.14.164

What about:

mysql -u root -p -h 10.12.14.164 rt3

In the examples above, you will be prompted for the password.

There is no MySQL running on .164 MySQL is on .149 I’m absolutely sure
that this is a MySQL issue… it appears that “root” on .164 doesn’t
have the correct privileges on .149 I tried to at least temporarily
give root@10.12.14.164 full access on .149 but it didn’t work as
expected.

My first guess is that rt-setup-database is trying to be too selective
in the permissions it’s granting… we can see that it’s trying to give
GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE to rt_user, so maybe when
it creates the rt3 database it is using something other than ALL for
‘root’?

Access denied for user ‘root’@‘10.12.14.164’ to database ‘rt3’ at
/usr/sbin/rt-setup-database line 346.

Since ‘root’@‘10.12.14.164’ created rt3, that’s the only reason I can
think of that it’s failing… the creator doesn’t have enough
privileges, or is assuming that the database is on localhost, if that
makes a difference.> On Thu, Aug 02, 2007 at 02:39:18AM +0400, Ruslan Zakirov wrote:

Here is the DatabaseRTHost option in the config that comes into play.
Set it to ‘10.12.14.164’ before running make initdb. As well you can
use --with-db-rt-host option of the configure script to set it, note
that you MUST run make install again before make initdb in this
case.

Ahh!

Now I’m getting closer.

[root@rt3 ~]# /usr/sbin/rt-setup-database --action init --dba root
–prompt-for-dba-password
In order to create or update your RT database,this script needs to
connect to your mysql instance on 10.12.14.149 as root.
Please specify that user’s database password below. If the user has no
database
password, just press return.

Password:
Now creating a database for RT.
Creating mysql database rt3.
Now populating database schema.
Creating database schema.
readline() on closed filehandle SCHEMA_LOCAL at
/usr/sbin/rt-setup-database line 192.
Done setting up database schema.
Now inserting database ACLs
DBD::mysql::st execute failed: Access denied for user
‘root’@‘10.12.14.164’ to database ‘rt3’ at /usr/sbin/rt-setup-database
line 345.
Problem with statement:
GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE ON rt3.* TO
rt_user@‘10.12.14.164’ IDENTIFIED BY ‘***********’;
Access denied for user ‘root’@‘10.12.14.164’ to database ‘rt3’ at
/usr/sbin/rt-setup-database line 346.

On the MySQL server, I did:

grant all on . to ‘root’@‘10.12.14.164’ identified by ‘********’

but am still getting that error.

Thanks!

Sorry, I got the IP addresses backwards. What I wanted you to figure out
was if you could connect to the db server from the RT server using the
‘root’ user via mysql client. From the RT server try:

mysql -u root -p -h 10.12.14.149

What about:

mysql -u root -p -h 10.12.14.149 rt3

If you can connect successfully to the rt3 database using the 2nd command
above, try creating a test table:

mysql> create table testing123;

If your manual connection attempts to the mysql database or your table
creation attempt fails, then you simply haven’t set your permissions
correctly for the root user. At that point, I would suggest you read the
mysql help pages regarding grant permission syntax:

http://dev.mysql.com/doc/refman/5.0/en/grant.html

Also, disable selinux on the DB server, if applicable.

James Moseley

         John Oliver                                                   
         <joliver@john-oli                                             
         ver.net>                                                   To 
         Sent by:                  rt-users@lists.bestpractical.com    
         rt-users-bounces@                                          cc 
         lists.bestpractic                                             
         al.com                                                Subject 
                                   Re: [rt-users] Default password     
                                                                       
         08/02/2007 03:41                                              
         PM                                                            

Well, sounds like you have a mysql problem now. While logged into your
RT
host, and assuming you have a mysql client installed, can you
successfully
connect the mysqld instance on 10.12.14.164? What happens when you do:

mysql -u root -p -h 10.12.14.164

What about:

mysql -u root -p -h 10.12.14.164 rt3

In the examples above, you will be prompted for the password.

There is no MySQL running on .164 MySQL is on .149 I’m absolutely sure
that this is a MySQL issue… it appears that “root” on .164 doesn’t
have the correct privileges on .149 I tried to at least temporarily
give root@10.12.14.164 full access on .149 but it didn’t work as
expected.

My first guess is that rt-setup-database is trying to be too selective
in the permissions it’s granting… we can see that it’s trying to give
GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE to rt_user, so maybe when
it creates the rt3 database it is using something other than ALL for
‘root’?

Access denied for user ‘root’@‘10.12.14.164’ to database ‘rt3’ at
/usr/sbin/rt-setup-database line 346.

Since ‘root’@‘10.12.14.164’ created rt3, that’s the only reason I can
think of that it’s failing… the creator doesn’t have enough
privileges, or is assuming that the database is on localhost, if that
makes a difference.> On Thu, Aug 02, 2007 at 02:39:18AM +0400, Ruslan Zakirov wrote:

Here is the DatabaseRTHost option in the config that comes into play.
Set it to ‘10.12.14.164’ before running make initdb. As well you can
use --with-db-rt-host option of the configure script to set it, note
that you MUST run make install again before make initdb in this
case.

Ahh!

Now I’m getting closer.

[root@rt3 ~]# /usr/sbin/rt-setup-database --action init --dba root
–prompt-for-dba-password
In order to create or update your RT database,this script needs to
connect to your mysql instance on 10.12.14.149 as root.
Please specify that user’s database password below. If the user has no
database
password, just press return.

Password:
Now creating a database for RT.
Creating mysql database rt3.
Now populating database schema.
Creating database schema.
readline() on closed filehandle SCHEMA_LOCAL at
/usr/sbin/rt-setup-database line 192.
Done setting up database schema.
Now inserting database ACLs
DBD::mysql::st execute failed: Access denied for user
‘root’@‘10.12.14.164’ to database ‘rt3’ at /usr/sbin/rt-setup-database
line 345.
Problem with statement:
GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE ON rt3.* TO
rt_user@‘10.12.14.164’ IDENTIFIED BY ‘***********’;
Access denied for user ‘root’@‘10.12.14.164’ to database ‘rt3’ at
/usr/sbin/rt-setup-database line 346.

On the MySQL server, I did:

grant all on . to ‘root’@‘10.12.14.164’ identified by ‘********’

but am still getting that error.

Thanks!

http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Hi RT Users, Developers,

i’m not 100% sure if this is a bug or if i’m again too dumb…

For a Custom Field, I can grant the following Group Rights:

SeeCustomField
ModifyCustomField
AdminCustomField

From my point of understanding, SeeCustomFields allows a user to see the CF and it’s content, but not to change it?

ModifyCustomFields grant him the right to change the Content of the CF and AdminCF grants him the right to change this CF, is this correct so far?

If the point above is correct, then if a user that only have the rights SeeCustomField should only be able to see this field and content, but should not be able to change the content?

OK, now my problem and why I’m thinking that’s a bug…

If a user creates a ticket in a queue with a custom field assigned and he has only the right SeeCustomField at this CF, he should see the field but should not be able to enter something there?!? But he is…!..is this the correct way of handling the ACL or do I something wrong?

Its under RT 3.6.4 and I have double checked the rights, the global rights, group rights and user rights…

Any Ideas or hints or understand I the rights Setup for CF totally wrong???
Thanks in advance

: Torsten Brumm
:
: Kuehne + Nagel
: HAM - MI-ID
:
: Bauerbergweg 23-25
: 22111 Hamburg
:
: +49 (40) 30333 3199
: +49 (40) 30333 44 3199
:
: torsten.brumm@kuehne-nagel.com
: www.kn-portal.com
: icq: 78258840

Kühne + Nagel (AG & Co.) KG, Geschäftsleitung: Hans-Georg Brinkmann (Vors.), Uwe Bielang (Stellv.), Dr. Björn Johansson (Stellv.), Bruno Mang, Alfred Manke, Thorsten Meincke, Mark Reinhardt (Stellv.), Tim Scharwath, Jens Wollesen Sitz: Bremen, Registergericht: Bremen, HRA 21928, USt-IdNr.: DE 812773878, Persönlich haftende Gesellschaft: Kühne & Nagel A.G., Sitz: Contern/LuxemburgGeschäftsführender Verwaltungsrat: Klaus-Michael Kühne

OK, now i’m sure, this is a but inside the CF ACL, taken from the RT Book:

AdminCustomField → right to change the CF Name and Values.
SeeCustomField → right to see the CF
ModifyCustomField → right to see and set the CF’s Values.

So, from my point of view, this is not working…

Thanks in advance

: Torsten Brumm
:
: Kuehne + Nagel
: HAM - MI-ID
:
: Bauerbergweg 23-25
: 22111 Hamburg
:
: +49 (40) 30333 3199
: +49 (40) 30333 44 3199
:
: torsten.brumm@kuehne-nagel.com
: www.kn-portal.com
: icq: 78258840

Kühne + Nagel (AG & Co.) KG, Geschäftsleitung: Hans-Georg Brinkmann (Vors.), Uwe Bielang (Stellv.), Dr. Björn
Johansson (Stellv.), Bruno Mang, Alfred Manke, Thorsten Meincke, Mark Reinhardt (Stellv.), Tim Scharwath, Jens
Wollesen Sitz: Bremen, Registergericht: Bremen, HRA 21928, USt-IdNr.: DE 812773878, Persönlich haftende
Gesellschaft: Kühne & Nagel A.G., Sitz: Contern/LuxemburgGeschäftsführender Verwaltungsrat: Klaus-Michael
KühneVon: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] Im Auftrag von Ham MI-ID, Torsten Brumm
Gesendet: Mittwoch, 8. August 2007 15:07
An: rt-users@lists.bestpractical.com
Betreff: [rt-users] Custom Fields and Rights Question / maybe a bug
Wichtigkeit: Hoch

Hi RT Users, Developers,

i’m not 100% sure if this is a bug or if i’m again too dumb…

For a Custom Field, I can grant the following Group Rights:

SeeCustomField
ModifyCustomField
AdminCustomField

From my point of understanding, SeeCustomFields allows a user to see the CF and it’s content, but not to change it?

ModifyCustomFields grant him the right to change the Content of the CF and AdminCF grants him the right to change this CF, is this correct so far?

If the point above is correct, then if a user that only have the rights SeeCustomField should only be able to see this field and content, but should not be able to change the content?

OK, now my problem and why I’m thinking that’s a bug…

If a user creates a ticket in a queue with a custom field assigned and he has only the right SeeCustomField at this CF, he should see the field but should not be able to enter something there?!? But he is…!..is this the correct way of handling the ACL or do I something wrong?

Its under RT 3.6.4 and I have double checked the rights, the global rights, group rights and user rights…

Any Ideas or hints or understand I the rights Setup for CF totally wrong???
Thanks in advance

: Torsten Brumm
:
: Kuehne + Nagel
: HAM - MI-ID
:
: Bauerbergweg 23-25
: 22111 Hamburg
:
: +49 (40) 30333 3199
: +49 (40) 30333 44 3199
:
: torsten.brumm@kuehne-nagel.com
: www.kn-portal.com
: icq: 78258840

Kühne + Nagel (AG & Co.) KG, Geschäftsleitung: Hans-Georg Brinkmann (Vors.), Uwe Bielang (Stellv.), Dr. Björn Johansson (Stellv.), Bruno Mang, Alfred Manke, Thorsten Meincke, Mark Reinhardt (Stellv.), Tim Scharwath, Jens Wollesen Sitz: Bremen, Registergericht: Bremen, HRA 21928, USt-IdNr.: DE 812773878, Persönlich haftende Gesellschaft: Kühne & Nagel A.G., Sitz: Contern/LuxemburgGeschäftsführender Verwaltungsrat: Klaus-Michael Kühne
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Hi RT Users, Developers,

i’m not 100% sure if this is a bug or if i’m again too dumb…

For a Custom Field, I can grant the following Group Rights:

SeeCustomField
ModifyCustomField
AdminCustomField

From my point of understanding, SeeCustomFields allows a user to see the CF and it’s content, but not to change it?
right

ModifyCustomFields grant him the right to change the Content of the CF and AdminCF grants him the right to change this CF, is this correct so far?
AdminCF allow user to admin a CF, add new possible values, change type…
ModifyCF allow user to modify value(s) of a CF on tickets or objects
this particular CF applies to.

If the point above is correct, then if a user that only have the rights SeeCustomField should only be able to see this field and content, but should not be able to change the content?
right.

OK, now my problem and why I’m thinking that’s a bug…

If a user creates a ticket in a queue with a custom field assigned and he has only the right SeeCustomField at this CF, he should see the field but should not be able to enter something there?!? But he is…!..is this the correct way of handling the ACL or do I something wrong?
Yeah, there is a small bug on create. User see fields he can see even
if he can’t modify them, but as far as I know user gets ‘permission
denied’ after creation for fields he can’t modify.

In 3.7 development branch we don’t show fields user can’t modify on
the create ticket page anymore. I think we can backport that fix.

Its under RT 3.6.4 and I have double checked the rights, the global rights, group rights and user rights…

Any Ideas or hints or understand I the rights Setup for CF totally wrong???

Thanks in advance

: Torsten Brumm
:
: Kuehne + Nagel
: HAM - MI-ID
:
: Bauerbergweg 23-25
: 22111 Hamburg
:
: +49 (40) 30333 3199
: +49 (40) 30333 44 3199
:
: torsten.brumm@kuehne-nagel.com
: www.kn-portal.com
: icq: 78258840

Kühne + Nagel (AG & Co.) KG, Geschäftsleitung: Hans-Georg Brinkmann (Vors.), Uwe Bielang (Stellv.), Dr. Björn Johansson (Stellv.), Bruno Mang, Alfred Manke, Thorsten Meincke, Mark Reinhardt (Stellv.), Tim Scharwath, Jens Wollesen Sitz: Bremen, Registergericht: Bremen, HRA 21928, USt-IdNr.: DE 812773878, Persönlich haftende Gesellschaft: Kühne & Nagel A.G., Sitz: Contern/LuxemburgGeschäftsführender Verwaltungsrat: Klaus-Michael Kühne


The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Best regards, Ruslan.

If a CF is mandatory then all users who can create tickets in queues
CF applies to must have ‘ModifyCustomField’ right. I think this way.
Do you have another ideas? At least as I understand this the way it
work now.

I was thinking about while fixing bug in 3.7 and came to two ideas:

  1. Mandatory CFs must have default value. So when people couldn’t set
    a CF then we apply default and the fact that the CF is mandatory
    doesn’t prevent creation.
  2. We can add new ‘SetCustomFieldOnCreate’ right which can be useful
    in many workflows and also admins would be able to allow users to
    create tickets with mandatory fields, but deny changing a field after
    that.

Both ideas are subject of RT 3.8 only, as I said we can only back port
a patch from 3.8 to avoid confusion of users and admins.On 8/8/07, Ham MI-ID, Torsten Brumm torsten.brumm@kuehne-nagel.com wrote:

Hi ruslan,

Yes for a normal cf this is not critical, but together with a cf set to
mandatory this becomes critical, because the user is not able to create a
ticket via gui anymore for this queue :frowning:

Torsten

-----Original Message-----
From: ruslan.zakirov@gmail.com ruslan.zakirov@gmail.com
To: Ham MI-ID, Torsten Brumm
CC: rt-users@lists.bestpractical.com
rt-users@lists.bestpractical.com
Sent: Wed Aug 08 16:13:33 2007
Subject: Re: [rt-users] Custom Fields and Rights Question / maybe a bug

On 8/8/07, Ham MI-ID, Torsten Brumm torsten.brumm@kuehne-nagel.com wrote:

Hi RT Users, Developers,

i’m not 100% sure if this is a bug or if i’m again too dumb…

For a Custom Field, I can grant the following Group Rights:

SeeCustomField
ModifyCustomField
AdminCustomField

From my point of understanding, SeeCustomFields allows a user to see the
CF and it’s content, but not to change it?
right

ModifyCustomFields grant him the right to change the Content of the CF
and AdminCF grants him the right to change this CF, is this correct so far?
AdminCF allow user to admin a CF, add new possible values, change type…
ModifyCF allow user to modify value(s) of a CF on tickets or objects
this particular CF applies to.

If the point above is correct, then if a user that only have the rights
SeeCustomField should only be able to see this field and content, but should
not be able to change the content?
right.

OK, now my problem and why I’m thinking that’s a bug…

If a user creates a ticket in a queue with a custom field assigned and he
has only the right SeeCustomField at this CF, he should see the field but
should not be able to enter something there?!? But he is…!..is this the
correct way of handling the ACL or do I something wrong?
Yeah, there is a small bug on create. User see fields he can see even
if he can’t modify them, but as far as I know user gets ‘permission
denied’ after creation for fields he can’t modify.

In 3.7 development branch we don’t show fields user can’t modify on
the create ticket page anymore. I think we can backport that fix.

Its under RT 3.6.4 and I have double checked the rights, the global
rights, group rights and user rights…

Any Ideas or hints or understand I the rights Setup for CF totally
wrong???

Thanks in advance

: Torsten Brumm
:
: Kuehne + Nagel
: HAM - MI-ID
:
: Bauerbergweg 23-25
: 22111 Hamburg
:
: +49 (40) 30333 3199
: +49 (40) 30333 44 3199
:
: torsten.brumm@kuehne-nagel.com
: www.kn-portal.com
: icq: 78258840

Kühne + Nagel (AG & Co.) KG, Geschäftsleitung: Hans-Georg Brinkmann
(Vors.), Uwe Bielang (Stellv.), Dr. Björn Johansson (Stellv.), Bruno Mang,
Alfred Manke, Thorsten Meincke, Mark Reinhardt (Stellv.), Tim Scharwath,
Jens Wollesen Sitz: Bremen, Registergericht: Bremen, HRA 21928, USt-IdNr.:
DE 812773878, Persönlich haftende Gesellschaft: Kühne & Nagel A.G., Sitz:
Contern/LuxemburgGeschäftsführender Verwaltungsrat:
Klaus-Michael Kühne


The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


Best regards, Ruslan.

Best regards, Ruslan.

Hmmmm, an new right would not fix the core of the problem…i think this
not only occurs on create, this can also hapen at resolve time.
What exactly can happen?

From the workflow point of view we have the situation that a user creates a
ticket with only limited rights, later groups working at the same ticket
have more rights and have to set this cf, later groups only need to see what
happens with this ticket and resolve this…
Ok, if user who creates a ticket has no right to set/modify a CF and
some privileged user should set it later, then why this CF is
mandatory? I think it shouldn’t be.

I think to bypass the mandatory check and only display the cf if needed but
with no chance to ut something should be a cleaner solution?!?
“ut” == “put”?

What should we show? Disabled input/select box? User can not set a
field then why should we confuse him by showing it?

Torsten

-----Original Message-----
From: ruslan.zakirov@gmail.com ruslan.zakirov@gmail.com
To: Ham MI-ID, Torsten Brumm
CC: rt-users@lists.bestpractical.com
rt-users@lists.bestpractical.com
Sent: Wed Aug 08 18:02:08 2007
Subject: Re: Re: [rt-users] Custom Fields and Rights Question / maybe a bug

If a CF is mandatory then all users who can create tickets in queues
CF applies to must have ‘ModifyCustomField’ right. I think this way.
Do you have another ideas? At least as I understand this the way it
work now.

I was thinking about while fixing bug in 3.7 and came to two ideas:

  1. Mandatory CFs must have default value. So when people couldn’t set
    a CF then we apply default and the fact that the CF is mandatory
    doesn’t prevent creation.
  2. We can add new ‘SetCustomFieldOnCreate’ right which can be useful
    in many workflows and also admins would be able to allow users to
    create tickets with mandatory fields, but deny changing a field after
    that.

Both ideas are subject of RT 3.8 only, as I said we can only back port
a patch from 3.8 to avoid confusion of users and admins.

Hi ruslan,

Yes for a normal cf this is not critical, but together with a cf set to
mandatory this becomes critical, because the user is not able to create a
ticket via gui anymore for this queue :frowning:

Torsten

-----Original Message-----
From: ruslan.zakirov@gmail.com ruslan.zakirov@gmail.com
To: Ham MI-ID, Torsten Brumm
CC: rt-users@lists.bestpractical.com
rt-users@lists.bestpractical.com
Sent: Wed Aug 08 16:13:33 2007
Subject: Re: [rt-users] Custom Fields and Rights Question / maybe a bug

Hi RT Users, Developers,

i’m not 100% sure if this is a bug or if i’m again too dumb…

For a Custom Field, I can grant the following Group Rights:

SeeCustomField
ModifyCustomField
AdminCustomField

From my point of understanding, SeeCustomFields allows a user to see
the
CF and it’s content, but not to change it?
right

ModifyCustomFields grant him the right to change the Content of the CF
and AdminCF grants him the right to change this CF, is this correct so
far?
AdminCF allow user to admin a CF, add new possible values, change
type…
ModifyCF allow user to modify value(s) of a CF on tickets or objects
this particular CF applies to.

If the point above is correct, then if a user that only have the
rights
SeeCustomField should only be able to see this field and content, but
should
not be able to change the content?
right.

OK, now my problem and why I’m thinking that’s a bug…

If a user creates a ticket in a queue with a custom field assigned and
he
has only the right SeeCustomField at this CF, he should see the field but
should not be able to enter something there?!? But he is…!..is this
the
correct way of handling the ACL or do I something wrong?
Yeah, there is a small bug on create. User see fields he can see even
if he can’t modify them, but as far as I know user gets ‘permission
denied’ after creation for fields he can’t modify.

In 3.7 development branch we don’t show fields user can’t modify on
the create ticket page anymore. I think we can backport that fix.

Its under RT 3.6.4 and I have double checked the rights, the global
rights, group rights and user rights…

Any Ideas or hints or understand I the rights Setup for CF totally
wrong???

Thanks in advance

: Torsten Brumm
:
: Kuehne + Nagel
: HAM - MI-ID
:
: Bauerbergweg 23-25
: 22111 Hamburg
:
: +49 (40) 30333 3199
: +49 (40) 30333 44 3199
:
: torsten.brumm@kuehne-nagel.com
: www.kn-portal.com
: icq: 78258840

Kühne + Nagel (AG & Co.) KG, Geschäftsleitung: Hans-Georg Brinkmann
(Vors.), Uwe Bielang (Stellv.), Dr. Björn Johansson (Stellv.), Bruno
Mang,
Alfred Manke, Thorsten Meincke, Mark Reinhardt (Stellv.), Tim Scharwath,
Jens Wollesen Sitz: Bremen, Registergericht: Bremen, HRA 21928,
USt-IdNr.:
DE 812773878, Persönlich haftende Gesellschaft: Kühne & Nagel A.G., Sitz:
Contern/LuxemburgGeschäftsführender Verwaltungsrat:
Klaus-Michael Kühne


The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


Best regards, Ruslan.


Best regards, Ruslan.

Best regards, Ruslan.