Hello,
I’m using request tracker at work (succesfully!!) but got some problems
when tried to manage queues permission using groups.
I’ve googled about it, read documentation on wiki, tried request tracker
web interface and direct sql database changes taking as example already
working queues, but I can’t get any success.
Scenario:
- I create a group on LDAP and request tracker.
- I create a user on LDAP and request tracker.
- I assign this user to group on LDAP and request tracker.
- I assign every role on group to a queue.
User can login to request tracker, get limited privileges, but user can’t
see queue: it doesn’t appear on the select next to “New ticket”.
I tried restarting apache, memcached, closing user web session and
restarting, but didn’t get any success.
¿May be I’ve missed any step?
Any help is very appreciated 
Thanks a lot in advance.
Hello,
I’m using request tracker at work (succesfully!!) but got some problems when tried to manage
queues permission using groups.
I’ve googled about it, read documentation on wiki, tried request tracker web interface and
direct sql database changes taking as example already working queues, but I can’t get any
success.
Scenario:
- I create a group on LDAP and request tracker.
- I create a user on LDAP and request tracker.
- I assign this user to group on LDAP and request tracker.
- I assign every role on group to a queue.
User can login to request tracker, get limited privileges, but user can’t see queue: it
doesn’t appear on the select next to “New ticket”.
I tried restarting apache, memcached, closing user web session and restarting, but didn’t get
any success.
*May be I’ve missed any step?
Seeing the Queue is controlled by SeeQueue and you’ll also need
CreateTicket there. Is the user Privileged?
-kevin
Hello,
Seeing the Queue is controlled by SeeQueue and you’ll also need
CreateTicket there. Is the user Privileged?
Yup, it’s right.
All problem come from cachedgroupmembers table: it looks there was a record
for that user.
I manually created a record and it works 
Thanks a lot for your help.
Yup, it’s right.
All problem come from cachedgroupmembers table: it looks there was a
record for that user.
I manually created a record and it works
You manually created a CachedGroupMembers record? If so, you’re doing
it really really wrong. Don’t use the database to manage if users are
priv/unpriv in RT; use the RT user admin page.
Please keep replies on the list.
This is interesting: I created user on RT user admin page, but didn’t
see any change on user permissing.
Take note of the checkbox “Let this user be granted rights (Privileged)”
which turns a user Privileged or not (Unprivileged).
After sometime (I don’t know really how many and when), user get right
permission.
Permissions come from RT’s internal system groups, ticket/queue roles,
and your own custom user groups. You can grant rights to these globally
or on a specific queue/article/custom field level.
It looks like cachedgroupmembers table get updated periodically, so, is
there any way to force it to refresh immediatelly?
No, it doesn’t get updated periodically. It gets updated immediately.
There’s no “refresh”. Futzing with the database is the really wrong way
to go about what you want and will almost certainly lead to you breaking RT.
Cristo,
There are several tables that work in conjunction with privileges, The ACL,
Group, GroupMembers, CacheGroupMembers, Principals, etc.
If you get them out of sync, you are in a world of hurt.
I’d suggest reading about privileges and more about the framework of rights
before putzing around in the database and doing damage you will regret.
There are a couple books out there you can get to help you with this.
KennOn Wed, Apr 11, 2012 at 10:52 AM, Thomas Sibley trs@bestpractical.comwrote:
Please keep replies on the list.
On 04/11/2012 01:43 PM, Cristo Bolaños Trujillo wrote:
This is interesting: I created user on RT user admin page, but didn’t
see any change on user permissing.
Take note of the checkbox “Let this user be granted rights (Privileged)”
which turns a user Privileged or not (Unprivileged).
After sometime (I don’t know really how many and when), user get right
permission.
Permissions come from RT’s internal system groups, ticket/queue roles,
and your own custom user groups. You can grant rights to these globally
or on a specific queue/article/custom field level.
It looks like cachedgroupmembers table get updated periodically, so, is
there any way to force it to refresh immediatelly?
No, it doesn’t get updated periodically. It gets updated immediately.
There’s no “refresh”. Futzing with the database is the really wrong way
to go about what you want and will almost certainly lead to you breaking
RT.