Object permissions from the command line

I’ve recently been tasked with setting up an RT instance for a large
organization, such that its queue structure mirrors that of their existing
ticket system. I was able to use the command line interface to easily
create the groups/queues, but I’ve stalled on setting up the permissions
for the queues - with so many of them, it’s going to take hours to click
through the web interface.

The permissions could easily be defined programmatically, but I haven’t yet
found a way to manipulate permissions outside of the web interface. In both
the command line and the REST interface, I can view several properties of
each queue, but nothing regarding user/group permissions to that queue. Is
there a way to use either of the alternative interfaces to change
permissions for objects, or will I need to do this by hand in the browser?

Thanks,
-Glenn

I’ve recently been tasked with setting up an RT instance for a large
organization, such that its queue structure mirrors that of their
existing ticket system. I was able to use the command line interface to
easily create the groups/queues, but I’ve stalled on setting up the
permissions for the queues - with so many of them, it’s going to take
hours to click through the web interface.

The permissions could easily be defined programmatically, but I haven’t
yet found a way to manipulate permissions outside of the web interface.
In both the command line and the REST interface, I can view several
properties of each queue, but nothing regarding user/group permissions
to that queue. Is there a way to use either of the alternative
interfaces to change permissions for objects, or will I need to do this
by hand in the browser?

You can use the Perl API by calling GrantRight/RevokeRight on the
RT::Principals you want to grant rights to. Arguments are the right
name and the target object on which the right should be granted (for
your case, likely a loaded RT::Queue or RT::System for global).

The doc for the Perl API is available by using perldoc on the RT source
lib files, or browsing online here: RT 4.0.25 Documentation - Best Practical

You can use the Perl API by calling GrantRight/RevokeRight on the
RT::Principals you want to grant rights to. Arguments are the right
name and the target object on which the right should be granted (for
your case, likely a loaded RT::Queue or RT::System for global).

Hi,

Let me add that quite a neat way of managing local rules is with code
in RT_SiteConfig.pm. My instance sets a few aspects of queues
automatically on queue creation (whether that’s with the web interface
or commandline or whereever). Skipping a few steps here, but you get
the idea:

  • Wrap RT::Queue::Create() in RT/Queue_Local.pm:

ref $RT::PostQueueCreate eq ‘CODE’ and
wrap Create => post => sub { $RT::PostQueueCreate->(@_) };

  • And then in RT_SiteConfig.pm (again, skipping the boring bits) I have:

Set($PostQueueCreate, sub
{
my %args = @_; # The sub we’re wrapping shifts $self, curse it.

my $newqueue = new RT::Queue($SystemUser);
$newqueue->Load($args{Name});

# Then you can do stuff like

$newqueue->SetCorrespondAddress
(lc($args{Name}). '@'. RT->Config->Get('MailDomain'));

$my_group->Principal->GrantRight(Object => $newqueue,
				Right  => 'SeeQueue');

});

Iain.

Systems Engineer
KAUST Visualisation Laboratory

This message and its contents, including attachments are intended solely
for the original recipient. If you are not the intended recipient or have
received this message in error, please notify me immediately and delete
this message from your computer system. Any unauthorized use or
distribution is prohibited. Please consider the environment before printing
this email.