Perplexed about permissions/mail loops

Hey all – am a longtime RT1 user and just upgraded to 2.0.4, so I’m
getting used to everything…

We’ve had a couple of instances now where two of our queues got into big
fights with each other and produced a few thousand tickets:

  • service@toad.net sends mail to billing@toad.net
  • service didn’t have permission to create a ticket in the billing queue
  • billing replies to service “Correspondence not recorded, permission denied”
  • billing didn’t have permission to create a ticket in the service queue
  • service replies to billing “Correspondence not recorded, permission denied”

Only my queue addresses seem to have problems with this “permission
denied” issue – other random users can create a ticket no problem.

Frankly, this seems dumb to me on two levels – one, RT should have built
in loop detection so it won’t clobber itself this way; two, I have no
idea now how to correctly set the permissions. I’m making haphazard “feel
good” changes assigning various groups more permissions, etc., but am not
sure what I’m really doing.

Can anyone point me in the right direction to a) clear up this loop
problem, b) better understand RT2 groups/users & permissions?

Thanks much,

Dave

David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net

RT shouldn’t be looping with itself. It just should not happen.
I’m way too tired to cope right now but will try to have a look tomorrow.

There was a discussion between me and one of the good folks at west.nl about
which permissions do what around the first week of april or the last week
of march that needs to get cleaned up and added to the docs. Besides that,
you might want to have a look at the install and config docs at http://www.helgrim.com/rtdocs. It contains some recommendations for default permissions.On Sun, Aug 05, 2001 at 09:48:49PM -0400, David C. Troy wrote:

Hey all – am a longtime RT1 user and just upgraded to 2.0.4, so I’m
getting used to everything…

We’ve had a couple of instances now where two of our queues got into big
fights with each other and produced a few thousand tickets:

  • service@toad.net sends mail to billing@toad.net
  • service didn’t have permission to create a ticket in the billing queue
  • billing replies to service “Correspondence not recorded, permission denied”
  • billing didn’t have permission to create a ticket in the service queue
  • service replies to billing “Correspondence not recorded, permission denied”

Only my queue addresses seem to have problems with this “permission
denied” issue – other random users can create a ticket no problem.

Frankly, this seems dumb to me on two levels – one, RT should have built
in loop detection so it won’t clobber itself this way; two, I have no
idea now how to correctly set the permissions. I’m making haphazard “feel
good” changes assigning various groups more permissions, etc., but am not
sure what I’m really doing.

Can anyone point me in the right direction to a) clear up this loop
problem, b) better understand RT2 groups/users & permissions?

Thanks much,

Dave

=====================================================================
David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

jesse reed vincent – root@eruditorum.orgjesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

And I’m told we do share some common rituals. Our “flame war” is apparently
held in person in their land and called “project meeting”.
-Alan Cox [on “Suits”]

No – this is just once instance clobbering itself, not two. Although
I’ve had fun with two instances going at each other before, too.

I’ve read the docs about the permissions. I think the situation may be
exacerbated because this was an RT1->RT2 import and I’m not at all clear
on what permissions were set in that process.

I’m going to try to slog through it again and see what specific questions
I come up with. A general solution to the looping problem would be a good
idea nonetheless.

Thanks,
Dave

David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.netOn Mon, 6 Aug 2001, Jesse wrote:

RT shouldn’t be looping with itself. It just should not happen.
I’m way too tired to cope right now but will try to have a look tomorrow.

There was a discussion between me and one of the good folks at west.nl about
which permissions do what around the first week of april or the last week
of march that needs to get cleaned up and added to the docs. Besides that,
you might want to have a look at the install and config docs at http://www.helgrim.com/rtdocs. It contains some recommendations for default permissions.

On Sun, Aug 05, 2001 at 09:48:49PM -0400, David C. Troy wrote:

Hey all – am a longtime RT1 user and just upgraded to 2.0.4, so I’m
getting used to everything…

We’ve had a couple of instances now where two of our queues got into big
fights with each other and produced a few thousand tickets:

  • service@toad.net sends mail to billing@toad.net
  • service didn’t have permission to create a ticket in the billing queue
  • billing replies to service “Correspondence not recorded, permission denied”
  • billing didn’t have permission to create a ticket in the service queue
  • service replies to billing “Correspondence not recorded, permission denied”

Only my queue addresses seem to have problems with this “permission
denied” issue – other random users can create a ticket no problem.

Frankly, this seems dumb to me on two levels – one, RT should have built
in loop detection so it won’t clobber itself this way; two, I have no
idea now how to correctly set the permissions. I’m making haphazard “feel
good” changes assigning various groups more permissions, etc., but am not
sure what I’m really doing.

Can anyone point me in the right direction to a) clear up this loop
problem, b) better understand RT2 groups/users & permissions?

Thanks much,

Dave

=====================================================================
David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users


jesse reed vincent – root@eruditorum.orgjesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

And I’m told we do share some common rituals. Our “flame war” is apparently
held in person in their land and called “project meeting”.
-Alan Cox [on “Suits”]

OK – here – I find this unsettling:

To make sure that your staff can work with tickets, you should grant
them all the following additional rights:
“ShowTicket”
“ShowTicketComments”
“Watch”
“WatchAsAdminCc”
“OwnTicket”
“ModifyTicket”

I’m supposed to go click on these things for EACH of my 20+ employees? I
don’t need carpal tunnel this bad! :slight_smile:

Dave

David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.netOn Mon, 6 Aug 2001, David C. Troy wrote:

No – this is just once instance clobbering itself, not two. Although
I’ve had fun with two instances going at each other before, too.

I’ve read the docs about the permissions. I think the situation may be
exacerbated because this was an RT1->RT2 import and I’m not at all clear
on what permissions were set in that process.

I’m going to try to slog through it again and see what specific questions
I come up with. A general solution to the looping problem would be a good
idea nonetheless.

Thanks,
Dave

=====================================================================
David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net

On Mon, 6 Aug 2001, Jesse wrote:

RT shouldn’t be looping with itself. It just should not happen.
I’m way too tired to cope right now but will try to have a look tomorrow.

There was a discussion between me and one of the good folks at west.nl about
which permissions do what around the first week of april or the last week
of march that needs to get cleaned up and added to the docs. Besides that,
you might want to have a look at the install and config docs at http://www.helgrim.com/rtdocs. It contains some recommendations for default permissions.

On Sun, Aug 05, 2001 at 09:48:49PM -0400, David C. Troy wrote:

Hey all – am a longtime RT1 user and just upgraded to 2.0.4, so I’m
getting used to everything…

We’ve had a couple of instances now where two of our queues got into big
fights with each other and produced a few thousand tickets:

  • service@toad.net sends mail to billing@toad.net
  • service didn’t have permission to create a ticket in the billing queue
  • billing replies to service “Correspondence not recorded, permission denied”
  • billing didn’t have permission to create a ticket in the service queue
  • service replies to billing “Correspondence not recorded, permission denied”

Only my queue addresses seem to have problems with this “permission
denied” issue – other random users can create a ticket no problem.

Frankly, this seems dumb to me on two levels – one, RT should have built
in loop detection so it won’t clobber itself this way; two, I have no
idea now how to correctly set the permissions. I’m making haphazard “feel
good” changes assigning various groups more permissions, etc., but am not
sure what I’m really doing.

Can anyone point me in the right direction to a) clear up this loop
problem, b) better understand RT2 groups/users & permissions?

Thanks much,

Dave

=====================================================================
David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users


jesse reed vincent – root@eruditorum.orgjesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

And I’m told we do share some common rituals. Our “flame war” is apparently
held in person in their land and called “project meeting”.
-Alan Cox [on “Suits”]


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

David C. Troy writes:

I’m supposed to go click on these things for EACH of my 20+ employees? I
don’t need carpal tunnel this bad! :slight_smile:

I created groups with the needed privs, and added the staff to each group
as needed. None of my staff have user privs assigned to them.
-Matt

Matthew D. Stock stock@cse.buffalo.edu
Director of Information Technology
Computer Science and Engineering, University at Buffalo

OK – here – I find this unsettling:

To make sure that your staff can work with tickets, you should grant

them all the following additional rights:

“ShowTicket”

“ShowTicketComments”

“Watch”

“WatchAsAdminCc”

“OwnTicket”

“ModifyTicket”

I’m supposed to go click on these things for EACH of my 20+ employees? I

don’t need carpal tunnel this bad! :slight_smile:

Make a group (Configuration - Groups - Create a new group), add all
employees to this group (Configuration - Groups - -
Members) and give the group the appropriate rights (Configuration -
Global - Group Rights).

Should be no more than roughly 35 clicks in total :slight_smile:

Martin

Martin Schapendonk, martin@schapendonk.org, Phone: +31 (0)6 55770237
Student Information Systems and Management at Tilburg University

“David C. Troy” wrote:

OK – here – I find this unsettling:

To make sure that your staff can work with tickets, you should grant
them all the following additional rights:
“ShowTicket”
“ShowTicketComments”
“Watch”
“WatchAsAdminCc”
“OwnTicket”
“ModifyTicket”

I’m supposed to go click on these things for EACH of my 20+ employees? I
don’t need carpal tunnel this bad! :slight_smile:
You could add them to a global group that has this rights.

Regards,
Harald

Hello,

You just need to create a group, let’s say called “Tech”. You then set group
permissions. And add your staff to this group. They will all have the same
privileges.
Steve Poirier
Inet Technologies Inc.
http://www.inet-technologies.comFrom: “David C. Troy” dave@toad.net
To: “Jesse” jesse@fsck.com
Cc: rt-users@lists.fsck.com
Sent: August 6, 2001 10:12
Subject: Re: [rt-users] Perplexed about permissions/mail loops…

OK – here – I find this unsettling:

To make sure that your staff can work with tickets, you should grant
them all the following additional rights:
“ShowTicket”
“ShowTicketComments”
“Watch”
“WatchAsAdminCc”
“OwnTicket”
“ModifyTicket”

I’m supposed to go click on these things for EACH of my 20+ employees? I
don’t need carpal tunnel this bad! :slight_smile:

Dave

=====================================================================
David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net

No – this is just once instance clobbering itself, not two. Although
I’ve had fun with two instances going at each other before, too.

I’ve read the docs about the permissions. I think the situation may be
exacerbated because this was an RT1->RT2 import and I’m not at all clear
on what permissions were set in that process.

I’m going to try to slog through it again and see what specific
questions

I come up with. A general solution to the looping problem would be a
good

idea nonetheless.

Thanks,
Dave

=====================================================================
David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net

RT shouldn’t be looping with itself. It just should not happen.
I’m way too tired to cope right now but will try to have a look
tomorrow.

There was a discussion between me and one of the good folks at west.nl
about

which permissions do what around the first week of april or the last
week

of march that needs to get cleaned up and added to the docs. Besides
that,

you might want to have a look at the install and config docs at
http://www.helgrim.com/rtdocs. It contains some recommendations for default
permissions.

Hey all – am a longtime RT1 user and just upgraded to 2.0.4, so I’m
getting used to everything…

We’ve had a couple of instances now where two of our queues got into
big

fights with each other and produced a few thousand tickets:

  • billing replies to service “Correspondence not recorded,
    permission denied”
  • billing didn’t have permission to create a ticket in the service
    queue
  • service replies to billing “Correspondence not recorded,
    permission denied”

Only my queue addresses seem to have problems with this “permission
denied” issue – other random users can create a ticket no problem.

Frankly, this seems dumb to me on two levels – one, RT should have
built

in loop detection so it won’t clobber itself this way; two, I have
no

idea now how to correctly set the permissions. I’m making haphazard
"feel

good" changes assigning various groups more permissions, etc., but
am not

sure what I’m really doing.

Can anyone point me in the right direction to a) clear up this loop
problem, b) better understand RT2 groups/users & permissions?

Thanks much,

Dave

David C. Troy [dave@toad.net] 410-544-6193 Sales
ToadNet - Want to go fast? 410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users


jesse reed vincent – root@eruditorum.orgjesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

And I’m told we do share some common rituals. Our “flame war” is
apparently

held in person in their land and called “project meeting”.
-Alan Cox [on “Suits”]


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users