When priviledged user accounts need to be removed, how do people do it?
So far, we’ve gone in and removed all rights from the user, then gone
through each queue and removed them from any Cc: or AdminCc: lists, plust
all groups, then gone through the specific User Rights for each queue, and
removed any rights in there. All this works, but it’s starting to get
tedious and time-consuming.
My question is: how do people deal with staff who leave? Is simply removing
all rights for the user enough?
When priviledged user accounts need to be removed, how do people do it?
So far, we’ve gone in and removed all rights from the user, then gone
through each queue and removed them from any Cc: or AdminCc: lists, plust
all groups, then gone through the specific User Rights for each queue, and
removed any rights in there. All this works, but it’s starting to get
tedious and time-consuming.
If you are doing this frequently, then you really need to look at your
staff turnover rates.
As a method of making it easier, I’d suggest using one address for the
AdminCc alias; eg queuename@example.com knows that the AdminCc to mail is
queuename-hidden@example.com.
That would cut the RT changes required to removing the user from the
groups, and disabling their access to RT.
My question is: how do people deal with staff who leave?
Our working environment is perfect. No one would ever want to leave. We
have thought of everything, including the snipers on nearby buildings.
Is simply removing
all rights for the user enough?
Yes. Note that you cannot remove the user themselves, as that will break
the references to the user in the database.
Bruce Campbell RIPE
Systems/Network Engineer NCC
www.ripe.net - PGP562C8B1B Operations/Security