Group Rights on System Groups & Role Groups

Hello all,

Something came up recently that I’m surprise I haven’t noticed before.

In our RT system, we distribute queue administration to the business
owners of the queues, and a queue admin recently reported that on the
Group Rights screen for his queue, he could not see any groups listed
under System Groups or Roles.

What this means is that he can’t see the full picture of group access
to his queue - for example he can’t see that Everyone has
CreateTicket in his queue.

Digging into the code shows me that the SeeGroup privilege controls
what groups you see on the GroupRights page, and apparently nobody
(except super users) have this privilege on the system groups or role
groups. I presume this is the RT default, as we haven’t fiddled with this.

So next I hunted for a config screen that would allow me to set
access on these special groups, but I couldn’t find one. I can hack
the group-rights-on-a-group URL with the special group’s IDs, but
that doesn’t feel quite kosher. I started wondering why this function
was hidden, and if I’m causing problems for myself if I give SeeGroup
on the Everyone, Privileged, AdminCc etc groups to all my privileged RT users.

Any thoughts or advice? Anyone encountered this before?

Thanks,
Steve

Stephen Turner
Senior Programmer/Analyst - Client Support Services
MIT Information Services and Technology (IS&T)

Hello all,

Something came up recently that I’m surprise I haven’t noticed before.

In our RT system, we distribute queue administration to the
business owners of the queues, and a queue admin recently reported
that on the Group Rights screen for his queue, he could not see any
groups listed under System Groups or Roles.

What this means is that he can’t see the full picture of group
access to his queue - for example he can’t see that Everyone has
CreateTicket in his queue.

Digging into the code shows me that the SeeGroup privilege controls
what groups you see on the GroupRights page, and apparently nobody
(except super users) have this privilege on the system groups or
role groups. I presume this is the RT default, as we haven’t
fiddled with this.

So next I hunted for a config screen that would allow me to set
access on these special groups, but I couldn’t find one. I can hack
the group-rights-on-a-group URL with the special group’s IDs, but
that doesn’t feel quite kosher. I started wondering why this
function was hidden, and if I’m causing problems for myself if I
give SeeGroup on the Everyone, Privileged, AdminCc etc groups to
all my privileged RT users.

Any thoughts or advice? Anyone encountered this before?

Yikes/Oops. I don’t have a great answer for you. I suspect that these
groups should be hardwired to be viewable by privileged users.

PGP.sig (186 Bytes)

Hello!

RT 3.6.1

Could anyone predict the results of setting ticket’s owner manually through
simple SQL query:

update Tickets set Owner = 123456 where id = 654321; ?

I know that there are several tables updated in SetOwner method and I am
interested what consequences such “brutal” workaround may cause.
So far I’ve tested this query and it looks fine for ticket updating and
resolving.

If using this query multiple time eventually can trigger RT failure I
wouldn’t want to use it.

Also, I would appreciate it very much if you could provide me with the list
of tables updated during SetOwner.

The reason I don’t favor using SetOwner is that I do not know how to=) I’m
trying to write a custom auto ticket assingment perl-module that should be
put in crontab and I’ve just no idea how to utilize RT lib in there.
Seriosly, I’m no programmer))

Any help and advice appreciated,

Sincerely,
Stan

Hello!

RT 3.6.1

Could anyone predict the results of setting ticket’s owner manually
through
simple SQL query:

update Tickets set Owner = 123456 where id = 654321; ?

I know that there are several tables updated in SetOwner method and
I am
interested what consequences such “brutal” workaround may cause.
So far I’ve tested this query and it looks fine for ticket updating
and
resolving.

If using this query multiple time eventually can trigger RT failure I
wouldn’t want to use it.

Using it even once will hurt you, alas.

Also, I would appreciate it very much if you could provide me with
the list
of tables updated during SetOwner.

The reason I don’t favor using SetOwner is that I do not know how
to=) I’m
trying to write a custom auto ticket assingment perl-module that
should be
put in crontab and I’ve just no idea how to utilize RT lib in there.

There should be some samples on the wiki to help you out, but this
(untested) code may do what you mean:

#!/usr/bin/perl
use warnings;
use strict;
use lib ‘/opt/rt3/lib’;
use RT;
RT::LoadConfig;
RT::Init;
use RT::Ticket;
use RT::User;

my $user = RT::User->new($RT::SystemUser);
$user->LoadByCols(Name => ‘root’);
my $ticket = RT::Ticket->new($RT::SystemUser);
$ticket->Load(1234);
my ($val,$msg) = $ticket->SetOwner($user->id);

print $msg;

PGP.sig (186 Bytes)

Jesse!

Thank you very much, sir! It’s all clear now.

Sorry if my question sounded like I haven’t searched the wiki and the lists
before asking=)

StanFrom: Jesse Vincent [mailto:jesse@bestpractical.com]
Sent: Monday, April 30, 2007 6:42 PM
To: Konstantin Naryzhniy
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] SetOwner chemistry

Hello!

RT 3.6.1

Could anyone predict the results of setting ticket’s owner manually
through
simple SQL query:

update Tickets set Owner = 123456 where id = 654321; ?

I know that there are several tables updated in SetOwner method and
I am
interested what consequences such “brutal” workaround may cause.
So far I’ve tested this query and it looks fine for ticket updating
and
resolving.

If using this query multiple time eventually can trigger RT failure I
wouldn’t want to use it.

Using it even once will hurt you, alas.

Also, I would appreciate it very much if you could provide me with
the list
of tables updated during SetOwner.

The reason I don’t favor using SetOwner is that I do not know how
to=) I’m
trying to write a custom auto ticket assingment perl-module that
should be
put in crontab and I’ve just no idea how to utilize RT lib in there.

There should be some samples on the wiki to help you out, but this
(untested) code may do what you mean:

#!/usr/bin/perl
use warnings;
use strict;
use lib ‘/opt/rt3/lib’;
use RT;
RT::LoadConfig;
RT::Init;
use RT::Ticket;
use RT::User;

my $user = RT::User->new($RT::SystemUser);
$user->LoadByCols(Name => ‘root’);
my $ticket = RT::Ticket->new($RT::SystemUser);
$ticket->Load(1234);
my ($val,$msg) = $ticket->SetOwner($user->id);

print $msg;

Seriosly, I’m no programmer))

Any help and advice appreciated,

Sincerely,
Stan


The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Jesse!

Thank you very much, sir! It’s all clear now.

Sorry if my question sounded like I haven’t searched the wiki and
the lists
before asking=)

It’s good to get it into the archives every now and then :wink:
Also, Parallels makes my development life better.

Best,
Jesse

PGP.sig (186 Bytes)