Privileged Users by Group

Currently I use LDAP importer to run and add users to groups. The only problem I am running into is that when people leave groups or are put into groups when they are already created, there is no way to control their privileged status. The only option I see related to this in LDAP importer is making a user privileged when they are created. Is there a way to control whether or not a user is privileged by what group they are in? So all users in Group1 would be privileged, but users in group2 would not (unless they are in both). Sorry if this is elsewhere, it's kind of hard to search for Privileged Group without seeing 100 other topics.
Thanks

Christopher Lasater
Technology Analyst I
Taleo

T. 904.520.6046
E. clasater@taleo.com


Unfortunately - this is not a feature of RT-Extension-LDAPImporter or
of RT.

-kevin

Is this a feature that may come in the future?

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Tuesday, January 24, 2012 3:45 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Privileged Users by Group

On Tue, Jan 24, 2012 at 10:32:17AM -0500, Christopher Lasater wrote:

Currently I use LDAP importer to run and add users to groups. The only problem I am running
into is that when people leave groups or are put into groups when they are already created,
there is no way to control their privileged status. The only option I see related to this in
LDAP importer is making a user privileged when they are created. Is there a way to control
whether or not a user is privileged by what group they are in? So all users in Group1 would
be privileged, but users in group2 would not (unless they are in both). Sorry if this is
elsewhere, its kind of hard to search for Privileged Group without
seeing 100 other topics

Unfortunately - this is not a feature of RT-Extension-LDAPImporter or of RT.

-kevin

Greetings,
I had the same problem. I’m migrating from Jira to RT and this is a problem for us. We manage users and groups from LDAP. I didn’t find any plugin yet, bad luck or not enough patience 🙂. I’ll show my workaround here and maybe others can suggest a better solution:

  1. Create a group custom field (I called it PrivilegedGroup) so you can mark those that you want to be privileged. You MUST include any admin (including root) to one of these groups. This field has only two values you can select: yes / no.
  2. Create a SQL file (mine is /opt/rt5/local/etc/grupos_privilegiados.sql) with the following sentences. I’m not a DB expert, but this works for me:

     ```sql
     -- Group ids as used here: 4 holds the privileged users, 5 the unprivileged ones.

     -- Move members of group 4 that are in no group marked PrivilegedGroup = 'yes' to group 5.
     update groupmembers set groupid=5 where groupid=4 and memberid in
       (select memberid from groupmembers where groupid=4 and memberid not in
         (select memberid from groupmembers where groupid in
           (select ocf.objectid from objectcustomfieldvalues ocf, customfields cf
             where ocf.customfield=cf.id and cf.name='PrivilegedGroup'
               and ocf.objecttype='RT::Group' and ocf.content='yes' and ocf.disabled=0)));

     -- Move the cached membership rows of those users from group 4 to group 5.
     update cachedgroupmembers set immediateparentid=5, groupid=5
       where groupid=4 and memberid not in (select memberid from groupmembers where groupid=4);

     -- Move members of group 5 that are in a group marked PrivilegedGroup = 'yes' to group 4.
     update groupmembers set groupid=4 where groupid=5 and memberid in
       (select memberid from groupmembers where groupid in
         (select ocf.objectid from objectcustomfieldvalues ocf, customfields cf
           where ocf.customfield=cf.id and cf.name='PrivilegedGroup'
             and ocf.objecttype='RT::Group' and ocf.content='yes' and ocf.disabled=0)
        and memberid in (select memberid from groupmembers where groupid=5));

     -- Move the cached membership rows of those users from group 5 to group 4.
     update cachedgroupmembers set immediateparentid=4, groupid=4
       where groupid=5 and memberid in (select memberid from groupmembers where groupid=4);
     ```

  3. Execute the following sentence after LDAP sync or whenever (un)setting PrivilegedGroup in any group:

     ```
     psql -h YOUR_SERVER -p YOUR_PORT -U YOUR_USER YOUR_DATABASE -f /opt/rt5/local/etc/grupos_privilegiados.sql
     ```

I’m using PostgreSQL. You must adapt these sentences and parameters to your DB.

I hope this can help someone.

1 Like
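
A read-only check to pair with the workaround above, added here as an example and not part of the original post: it lists members whose membership in group 4 or 5 disagrees with the PrivilegedGroup marking, so the effect of the updates can be reviewed before and after they run. It uses constructed SQLite data; table and column names are the ones the post's SQL uses, the sample ids (100, 200, 21 to 24, custom field 9) are made up, and like the post it only considers direct group membership.

```python
import sqlite3

PRIVILEGED, UNPRIVILEGED = 4, 5  # group ids as used in the post's SQL

# Members of any group whose PrivilegedGroup field is 'yes' (the post's filter).
MARKED = """
    SELECT memberid FROM groupmembers WHERE groupid IN (
        SELECT ocf.objectid
          FROM objectcustomfieldvalues ocf
          JOIN customfields cf ON ocf.customfield = cf.id
         WHERE cf.name = 'PrivilegedGroup' AND ocf.objecttype = 'RT::Group'
           AND ocf.content = 'yes' AND ocf.disabled = 0)
"""

# Read-only report: members whose current status disagrees with the marking.
DRIFT = f"""
    SELECT memberid, 'demote' AS action FROM groupmembers
     WHERE groupid = {PRIVILEGED} AND memberid NOT IN ({MARKED})
    UNION ALL
    SELECT memberid, 'promote' FROM groupmembers
     WHERE groupid = {UNPRIVILEGED} AND memberid IN ({MARKED})
    ORDER BY memberid
"""

def privilege_drift(conn):
    """Return [(memberid, 'promote' | 'demote'), ...]; changes nothing."""
    return conn.execute(DRIFT).fetchall()

def demo_db():
    """Constructed sample data with only the tables and columns the post uses."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE groupmembers (groupid INT, memberid INT);
        CREATE TABLE customfields (id INT, name TEXT);
        CREATE TABLE objectcustomfieldvalues (objectid INT, customfield INT,
            objecttype TEXT, content TEXT, disabled INT);
        INSERT INTO customfields VALUES (9, 'PrivilegedGroup');
        -- group 100 is marked 'yes', group 200 is marked 'no'
        INSERT INTO objectcustomfieldvalues VALUES
            (100, 9, 'RT::Group', 'yes', 0), (200, 9, 'RT::Group', 'no', 0);
        -- 21: in 100, privileged (fine)        22: in 100, unprivileged (promote)
        -- 23: only in 200, privileged (demote) 24: in both, unprivileged (promote)
        INSERT INTO groupmembers VALUES
            (100, 21), (4, 21), (100, 22), (5, 22),
            (200, 23), (4, 23), (100, 24), (200, 24), (5, 24);
    """)
    return conn

if __name__ == "__main__":
    for memberid, action in privilege_drift(demo_db()):
        print(memberid, action)
```

An admin account that is in no marked group shows up here as `demote`, which is the case step 1 of the post warns about.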