Import user and group rights across queues?

I think this will end up being a feature request. We add new queues
frequently as we are gaining customers. For each of these queues, I need to
assign the same rights to the same groups. Is there a way to import one
groups rights from one queue to another? Some would use the word “clone”.
Global assigning isn’t the answer for us, because we don’t want the same
rights across all of the queues, just those of a certain type.

Thank you,

PeterFrom: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of
rt-users-request@lists.bestpractical.com
Sent: Tuesday, May 09, 2006 12:47 PM
To: rt-users@lists.bestpractical.com
Subject: RT-Users Digest, Vol 26, Issue 29

Send RT-Users mailing list submissions to
rt-users@lists.bestpractical.com

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
or, via email, send a message with subject or body ‘help’ to
rt-users-request@lists.bestpractical.com

You can reach the person managing the list at
rt-users-owner@lists.bestpractical.com

When replying, please edit your Subject line so it is more specific than
“Re: Contents of RT-Users digest…”

Today’s Topics:

  1. RT-Crontool and userdefined code (Ben Blakely)
  2. RE: Cannot assign ticket (William Catlan)
  3. Re: [Rt-devel] RT-Crontool and userdefined code (Stephen Turner)
  4. RE: Move tickets between queues (Stephen Turner)
  5. Editing Wiki Pages: Don’t Be Anonymous =] (Jim Meyer)
  6. Re: Editing Wiki Pages: Don’t Be Anonymous =] (Justin Findlay)

Message: 1
Date: Tue, 9 May 2006 12:16:56 -0400
From: “Ben Blakely” BBlakely@blink.ca
Subject: [rt-users] RT-Crontool and userdefined code
To: rt-devel@lists.bestpractical.com
Cc: rt-users@lists.bestpractical.com
Message-ID:

8E8EBFC69B7B50489C2DD4EDF3DA583001781393@exchange1.oakvillehydro.com
Content-Type: text/plain; charset=“us-ascii”

Skipped content of type multipart/alternative-------------- next part
-------------- _______________________________________________
List info: http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel

Best Practical is hiring! Come hack Perl for us:
http://bestpractical.com/about/jobs.html

Message: 2
Date: Tue, 9 May 2006 12:44:29 -0400
From: “William Catlan” wcatlan@doar.com
Subject: RE: [rt-users] Cannot assign ticket
To: “Kenneth Crocker” KFCrocker@lbl.gov
Cc: Ruslan Zakirov ruslan.zakirov@gmail.com,
rt-users@lists.bestpractical.com
Message-ID:
4320635C545E4948B79284BEF97AA20B048F4EB6@email.LawTech.ad.doar.com
Content-Type: text/plain; charset=“us-ascii”

Kenn,

Thanks for the details. Unfortunately, it doesn’t work for me. What
version of RT are you running?

Bill

From: Kenneth Crocker [mailto:KFCrocker@lbl.gov]
Sent: Monday, May 08, 2006 8:56 PM
To: William Catlan
Cc: Ruslan Zakirov; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Cannot assign ticket

William Catlan wrote:

Kenn,

I appreciate the confirmation that the feature works. I have tried a
number of different ways, including the more granular use of
permissions
at the queue level.

Can you share the exact permissions you give to a group to allow them
to
assign an owner to a ticket using People -> Owner driop down, as well
as
the exact permissions you give to a group to allow them to be
assigned
a ticket?

I think I’ve tried all reasonable configurations, and it is not
working
for me. My version of RT is 3.4.5 … what version are you running?

Thanks,

Bill

-----Original Message-----
From: Kenneth Crocker [mailto:KFCrocker@lbl.gov]
Sent: Friday, May 05, 2006 2:21 PM
To: William Catlan
Cc: Ruslan Zakirov; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Cannot assign ticket

William Catlan wrote:

3.6. Assigning a Ticket

Tickets can have an owner-the user responsible for working on the

ticket or

for coordinating the work. To assign a ticket to someone, go to the

People

form from the ticket display page, and select the user from the
Owner

drop-down list, as shown in Figure 3-7. This list contains the

usernames of

all the users allowed to own tickets in the ticket’s current queue.

I try this, and only “Nobody” appears as an option.

Grant right OwnTicket to groups/users who should be able to
OwnTicket.

http://wiki.bestpractical.com/?OwnTicket

Thanks Ruslan. Of course, I did grant that right to a group, at both
the Queue and Global levels, along with SeeQueue, but I still could

not

assign a ticket to someone in the group.

I am hoping that someone will confirm this is a bug, or show me
something I missed.

Bill


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com Commercial support:
sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical:

http://bestpractical.com/about/jobs.html

Bill,

    If you already have a group with the correct permissions to

see

a ticket (seeQueue, SeeTicket, etc.) for a specific Queue, why in the
world do you also grant any global rights at all? The whole point of
making a Queue have group specific rights allows much more specific
de-bugging when it comes to problems like this,. I think too many
users
of RT use the “shotgun” approach to granting rights and privileges.
GLobal stuff just might be negateing any Queue specific group rights.
It’s almost like a programmer who isnb’t sure he checked for something

in his code so he puts the same code that does the checking all over
the

progrm. It’s redundant and makes everything much more difficult to
debug. I think you need to go back to the drawing board on rights and
decide how to tighten up the rights by being specific, not global and
then see what you get and debug from there. That is how ours is set up

and we have 23 Queues (for individual IT software support groups ) and

more than twice than many groups (1 group for technical support of an
application and 1 group for the user - who get less rights). Plus, we
have created an approval workflow that allows for a specific Queue to
hande the review/approval/rejection process for several other Queues
and

ALL work and documentation stays with the original ticket number, even

though the original ticket make be moved to different Queues. This
cannot be done when you have a bunch of shotgun/global rights floating

around. Hopes this concept helps.

Kenn

Will,

This will take a bit of time to walk thru but, here goes. First, we

create a Queue (meaningful name - of course). Someone who is a superuser

must do this. Then we set up globally (for each person assigned as the
AdminCC of said Queue) one roght only “SeeConfigTab”. This allows the
AdminCc to administrate his own Queue. We also set up globally for
“everyone” all the CreateSavedSearch, EditSavedSearch, etc proviliges.).

For global stuff, that’s it. Now, create a group and name it for it’s
function pertaining to the Queue your going to give it rights to, ie.
Queuename-Technicians, or Queuename-Support, Queuename-users. By creating
groups, you save yourself the redundant effort of setting up individuals
with the same rights to the same Queues. So. create a group.

Then add some members. Remember, you can have any number of groups with
different or the same rights to a Queue. Once you have created the group

and populated it, give each group it’s own set of priviliges as pertains

to A single Queue. So you go into Configuration (the same superuser is doing
this), then Queue, pick the Queue, then slip down to group rights (on the
lefthand side of the screen) and click that. These rights all pertain to the
Queue level only so we give everyone the right to see outgoing mail.
Sometimes, depending on the group, we give privilidged user the right to
create tickets (most of our Queue administrators don’t

want that. They want only specific groups to have that right). We don’t
allow unprivileged users anything. At the Role level (think of a role as

a psuedo group) CC’s are watchers (we give them seeQueue, seeTicket,
ReplyToTicket, and Watch). Requestors are creators of tickets (we give them
CreateTicket, if that hasn’t been given to all privileged users, all of the
CC stuff and maybe let them make or see comments, depending on if they are
users or supporter or technicians). AdminCc gets it all except we don’t let
them create script or templates (we reserve that right for the System
Administrator - keeps redundant scripts and stuff off the system). Then
there are owners. We consider them the technicians

or supports of a Queue so they get more rights as pertains their work
(Comment on a ticket, create ticket, delete a ticket, own ticket, modify

ticket, take a ticket and all the right given a requestor). Then, we grant a
mix of rights to whatever groups we have created that will pertain to the
Queue, just like we did with the roles (except, of course, the AdminCc). You
can get a list of the rights and stuff on Wiki. I hope this help you figure
it out. OH. Also, at the Queue level, we NEVER grant an individual ANY
rights. Period. See ya.

Kenn

Message: 3
Date: Tue, 09 May 2006 12:58:11 -0400
From: Stephen Turner sturner@MIT.EDU
Subject: [rt-users] Re: [Rt-devel] RT-Crontool and userdefined code
To: “Ben Blakely” BBlakely@blink.ca,
rt-devel@lists.bestpractical.com
Cc: rt-users@lists.bestpractical.com
Message-ID: 6.2.3.4.2.20060509125416.034b3878@po14.mit.edu
Content-Type: text/plain; charset=“us-ascii”; format=flowed

At Tuesday 5/9/2006 12:16 PM, Ben Blakely wrote:

Can anybody lead me in the right direction with this? I have created
some code that I would like to execute using
RT::Action::UserDefined.pm but im not to sure how to do it via
rt-crontool. Any help would be appreciated guys.

Thanks,

Ben

We’ve got something set up that works like this:

–action RT::Action::OurCustomAction

and our action code is in local/lib/RT/Action/OurCustomAction.pm - we
created this file based on one of the stock action modules.

Steve

Message: 4
Date: Tue, 09 May 2006 14:55:49 -0400
From: Stephen Turner sturner@MIT.EDU
Subject: RE: [rt-users] Move tickets between queues
To: “Steven E. Ames” sames@officescape.com, “RT-Users list”
rt-users@lists.bestpractical.com
Message-ID: 6.2.3.4.2.20060509145506.034b3228@po14.mit.edu
Content-Type: text/plain; charset=“us-ascii”; format=flowed

At Monday 5/8/2006 04:18 PM, Steven E. Ames wrote:

That could work. Could you share your scrip?

Here it is - it’s a scrip on the receiving queue:

Condition: On Queue Change
Action: User Defined
Template: Global blank

Custom action preparation code:
return 1;

Custom action cleanup code:
$self->TicketObj->AddWatcher(Type => ‘AdminCc’, PrincipalId =>
$self->TransactionObj->CreatorObj->PrincipalId);
return 1;

Message: 5
Date: Tue, 9 May 2006 12:40:37 -0700
From: “Jim Meyer” purp@acm.org
Subject: [rt-users] Editing Wiki Pages: Don’t Be Anonymous =]
To: “RT Users Mailing List” rt-users@lists.bestpractical.com
Message-ID:
c09f2f8a0605091240udfdef3fh55bc2518e2832b99@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello!

A small request from one (of many) who weeds spam from the wiki: when
editing or creating a page, please consider setting a KwikiName rather
than being an AnonymousGnome. It makes it easier to know I don’t need
to check your changes for spam.

Thanks!

–j
Jim Meyer, Geek at Large purp@acm.org

Message: 6
Date: Tue, 9 May 2006 13:46:26 -0600
From: “Justin Findlay” jfindlay@gmail.com
Subject: Re: [rt-users] Editing Wiki Pages: Don’t Be Anonymous =]
To: “RT Users Mailing List” rt-users@lists.bestpractical.com
Message-ID:
86ba12520605091246g5da7081ey5bea0b1004f8f137@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

I would create to Perl script to clone a queue. It could
even update /etc/aliases for you…On Tue, May 09, 2006 at 05:16:50PM -0700, Peter Collins wrote:

I think this will end up being a feature request. We add new queues
frequently as we are gaining customers. For each of these queues, I need to
assign the same rights to the same groups. Is there a way to import one
groups rights from one queue to another? Some would use the word “clone”.
Global assigning isn’t the answer for us, because we don’t want the same
rights across all of the queues, just those of a certain type.

Thank you,

Peter