Right could not be revoked

On global group rights, I am trying to revoke a “Super User” rights for
grouname “Everyone” but resulted to “Right could not be revoked” error
message. Please help!

I’m using RT-3.6.x

Marvin,

I've never seen THAT before. That could certainly open the floodgates 

to a lot of people messing with other peoples stuff and cause some major
migrain headaches. How did that happen in the first place? Did you sign
in as root or what?

Kenn
LBNLOn 7/3/2008 10:58 AM, Marvin Santos wrote:

On global group rights, I am trying to revoke a “Super User” rights for
grouname “Everyone” but resulted to “Right could not be revoked” error
message. Please help!

I’m using RT-3.6.x



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

I signed it as an admin user not as root. Unfortunately, I wasn’t the one
who initially setup RT. I’m just taking over the management from the
resigned company admin.On Fri, Jul 4, 2008 at 3:31 AM, Kenneth Crocker KFCrocker@lbl.gov wrote:

Marvin,

   I've never seen THAT before. That could certainly open the

floodgates to a lot of people messing with other peoples stuff and cause
some major migrain headaches. How did that happen in the first place? Did
you sign in as root or what?

Kenn
LBNL

On 7/3/2008 10:58 AM, Marvin Santos wrote:

On global group rights, I am trying to revoke a “Super User” rights for
grouname “Everyone” but resulted to “Right could not be revoked” error
message. Please help!

I’m using RT-3.6.x



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media. Buy a
copy at http://rtbook.bestpractical.com

Try to grant yourself personal SuperUser right first and then revoke
that right from everyone.On Thu, Jul 3, 2008 at 9:58 PM, Marvin Santos marvs007@gmail.com wrote:

On global group rights, I am trying to revoke a “Super User” rights for
grouname “Everyone” but resulted to “Right could not be revoked” error
message. Please help!

I’m using RT-3.6.x


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Best regards, Ruslan.

“Everyone” group can’t be assigned into a different group because this is a
system-created group. I’m just seeing it on "Global Configuration."On Fri, Jul 4, 2008 at 4:50 AM, Chaim Rieger stever@up-south.com wrote:

try assigning rights for Everyone to a diff group and then removing the
Super User

Kenneth Crocker wrote:

Marvin,

   I've never seen THAT before. That could certainly open the

floodgates to a lot of people messing with other peoples stuff and cause
some major migrain headaches. How did that happen in the first place? Did
you sign in as root or what?

Kenn
LBNL

On 7/3/2008 10:58 AM, Marvin Santos wrote:

On global group rights, I am trying to revoke a “Super User” rights for
grouname “Everyone” but resulted to “Right could not be revoked” error
message. Please help!

I’m using RT-3.6.x



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media. Buy
a copy at http://rtbook.bestpractical.com


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media. Buy a
copy at http://rtbook.bestpractical.com

My login account has a super-user right but to no avail. Any more hints?On Fri, Jul 4, 2008 at 3:40 PM, Ruslan Zakirov ruz@bestpractical.com wrote:

Try to grant yourself personal SuperUser right first and then revoke
that right from everyone.

On Thu, Jul 3, 2008 at 9:58 PM, Marvin Santos marvs007@gmail.com wrote:

On global group rights, I am trying to revoke a “Super User” rights for
grouname “Everyone” but resulted to “Right could not be revoked” error
message. Please help!

I’m using RT-3.6.x


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


Best regards, Ruslan.

By the way, each time I attempt to revoke the superuser rights, log message
says:

[Sat Jul 5 00:54:11 2008] [warning]: User not loaded.
(/usr/share/request-tracker3.6/lib/RT/User_Overlay.pm:1728)

Please help.On Fri, Jul 4, 2008 at 4:23 PM, Marvin Santos marvs007@gmail.com wrote:

My login account has a super-user right but to no avail. Any more hints?

On Fri, Jul 4, 2008 at 3:40 PM, Ruslan Zakirov ruz@bestpractical.com wrote:

Try to grant yourself personal SuperUser right first and then revoke
that right from everyone.

On Thu, Jul 3, 2008 at 9:58 PM, Marvin Santos marvs007@gmail.com wrote:

On global group rights, I am trying to revoke a “Super User” rights for
grouname “Everyone” but resulted to “Right could not be revoked” error
message. Please help!

I’m using RT-3.6.x


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


Best regards, Ruslan.

Marvin,

I suspect there is a problem with the UserID you are signing on with. 

What DataBase do you have?

Kenn
LBNLOn 7/4/2008 6:09 PM, Marvin Santos wrote:

By the way, each time I attempt to revoke the superuser rights, log
message says:

[Sat Jul 5 00:54:11 2008] [warning]: User not loaded.
(/usr/share/request-tracker3.6/lib/RT/User_Overlay.pm:1728)

Please help.

On Fri, Jul 4, 2008 at 4:23 PM, Marvin Santos <marvs007@gmail.com mailto:marvs007@gmail.com> wrote:

My login account has a super-user right but to no avail. Any more hints?


On Fri, Jul 4, 2008 at 3:40 PM, Ruslan Zakirov <ruz@bestpractical.com <mailto:ruz@bestpractical.com>> wrote:

    Try to grant yourself personal SuperUser right first and then revoke
    that right from everyone.

    On Thu, Jul 3, 2008 at 9:58 PM, Marvin Santos <marvs007@gmail.com <mailto:marvs007@gmail.com>> wrote:
     > On global group rights, I am trying to revoke a "Super User"
    rights for
     > grouname "Everyone" but resulted to "Right could not be
    revoked" error
     > message. Please help!
     >
     > I'm using RT-3.6.x
     >
     > _______________________________________________
     > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
     >
     > Community help: http://wiki.bestpractical.com
     > Commercial support: sales@bestpractical.com
    <mailto:sales@bestpractical.com>
     >
     >
     > Discover RT's hidden secrets with RT Essentials from O'Reilly
    Media.
     > Buy a copy at http://rtbook.bestpractical.com
     >



    --
    Best regards, Ruslan.


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

I also used user ID ‘root’ but to no avail. I’m using mysql. I’m wondering
if I can change group right for “Everyone” from mysql? If possible, how?On Tue, Jul 8, 2008 at 12:53 AM, Kenneth Crocker KFCrocker@lbl.gov wrote:

Marvin,

   I suspect there is a problem with the UserID you are signing on

with. What DataBase do you have?

Kenn
LBNL

On 7/4/2008 6:09 PM, Marvin Santos wrote:

By the way, each time I attempt to revoke the superuser rights, log
message says:

[Sat Jul 5 00:54:11 2008] [warning]: User not loaded.
(/usr/share/request-tracker3.6/lib/RT/User_Overlay.pm:1728)

Please help.

On Fri, Jul 4, 2008 at 4:23 PM, Marvin Santos <marvs007@gmail.com<mailto: marvs007@gmail.com>> wrote:

My login account has a super-user right but to no avail. Any more
hints?

On Fri, Jul 4, 2008 at 3:40 PM, Ruslan Zakirov <ruz@bestpractical.com mailto:ruz@bestpractical.com> wrote:

   Try to grant yourself personal SuperUser right first and then

revoke
that right from everyone.

   On Thu, Jul 3, 2008 at 9:58 PM, Marvin Santos <marvs007@gmail.com <mailto:marvs007@gmail.com>> wrote:
    > On global group rights, I am trying to revoke a "Super User"
   rights for
    > grouname "Everyone" but resulted to "Right could not be
   revoked" error
    > message. Please help!
    >
    > I'm using RT-3.6.x
    >
    > _______________________________________________
    >

http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales@bestpractical.com
mailto:sales@bestpractical.com
>
>
> Discover RT’s hidden secrets with RT Essentials from O’Reilly
Media.
> Buy a copy at http://rtbook.bestpractical.com
>

   --
   Best regards, Ruslan.


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media. Buy a
copy at http://rtbook.bestpractical.com

Marvin,

I suggest that before we start playing with rights among ID's let's see 

what is set up at the source. When I have questions like this, I go into
the DataBase to see what data is actually in the tables. That is what RT
is responding to. So, if you’re willing, go into your DataBase and look
at the USERS Table (Select * from USERS;). right click and sort
ascending the result by NAME. Find your name. Notice the ID. Now go into
the GROUPS table (Select * from GROUPS where DOMAIN like ‘ACLEquiv*’:wink:
and notice the ID for the ACL equivilent of YOUR ID. That is the group
ID that your system rights should be under. Now look at the ACL Table
(Select * from ACL where OBJECTTYPE like ‘RT::System’;). Right click and
sort ascending the PRINCIPALID field. Find your ‘ACLEquiv" ID and THAT
will show your rights at the RT::Systems level. IF that right is NOT
’SuperUser’, then that explains why you cannot do anything about those
rights in terms of granting or revoking. Now right click and ‘sort
ascending’ by ‘RIGHTNAME’. This will list all those IDs that DO have
superuser together and you can see who DOES have that right. Let me know
what you find and then we can decide the best direction to go. Hope this
helps.

Kenn
LBNLOn 7/7/2008 9:56 AM, Marvin Santos wrote:

I also used user ID ‘root’ but to no avail. I’m using mysql. I’m
wondering if I can change group right for “Everyone” from mysql? If
possible, how?

On Tue, Jul 8, 2008 at 12:53 AM, Kenneth Crocker <KFCrocker@lbl.gov mailto:KFCrocker@lbl.gov> wrote:

Marvin,

       I suspect there is a problem with the UserID you are signing
on with. What DataBase do you have?


Kenn
LBNL

       


       

On 7/4/2008 6:09 PM, Marvin Santos wrote:

    By the way, each time I attempt to revoke the superuser rights,
    log message says:

    [Sat Jul  5 00:54:11 2008] [warning]: User not loaded.
    (/usr/share/request-tracker3.6/lib/RT/User_Overlay.pm:1728)

    Please help.

    On Fri, Jul 4, 2008 at 4:23 PM, Marvin Santos <marvs007@gmail.com <mailto:marvs007@gmail.com> <mailto:marvs007@gmail.com <mailto:marvs007@gmail.com>>> wrote:

       My login account has a super-user right but to no avail. Any
    more hints?


       On Fri, Jul 4, 2008 at 3:40 PM, Ruslan Zakirov <ruz@bestpractical.com <mailto:ruz@bestpractical.com> <mailto:ruz@bestpractical.com <mailto:ruz@bestpractical.com>>> wrote:

           Try to grant yourself personal SuperUser right first and
    then revoke
           that right from everyone.

           On Thu, Jul 3, 2008 at 9:58 PM, Marvin Santos <marvs007@gmail.com <mailto:marvs007@gmail.com> <mailto:marvs007@gmail.com <mailto:marvs007@gmail.com>>> wrote:
            > On global group rights, I am trying to revoke a "Super
    User"
           rights for
            > grouname "Everyone" but resulted to "Right could not be
           revoked" error
            > message. Please help!
            >
            > I'm using RT-3.6.x
            >
            > _______________________________________________
            >
    http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
            >
            > Community help: http://wiki.bestpractical.com
            > Commercial support: sales@bestpractical.com
    <mailto:sales@bestpractical.com>
           <mailto:sales@bestpractical.com
    <mailto:sales@bestpractical.com>>

            >
            >
            > Discover RT's hidden secrets with RT Essentials from
    O'Reilly
           Media.
            > Buy a copy at http://rtbook.bestpractical.com
            >



           --
           Best regards, Ruslan.




    ------------------------------------------------------------------------


    _______________________________________________
    http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

    Community help: http://wiki.bestpractical.com
    Commercial support: sales@bestpractical.com
    <mailto:sales@bestpractical.com>


    Discover RT's hidden secrets with RT Essentials from O'Reilly
    Media. Buy a copy at http://rtbook.bestpractical.com

Hello,

When I discovered this “bug” my original intention was to create a new queue and a new user who would have complete control over the newly created queue, but absolutely no privileges for any of the other queues that already exist. Unfortunately I can not do this because when I create a new user and make them a privileged user right off the bat they become a super user with the ability to delegate rights and do whatever else they wish. To defeat this I tried going to the global group rights and revoking the “DelegateRights” and “SuperUser” rights from the groups “Everyone” and “unprivileged”, but when I attempt to modify these I get the error “Right could not be revoked” I am positive the user I am logging in as does have sufficient rights; I believe I have seen this issue on the mailing list archive or some other site, but without resolve. If anyone haves any input that may be of some use I would greatly appreciate the feedback.

Thank you

It’s been reported once, but there is no solution as other developers
and I can not reproduce the problem. The only option I see is to
delete record(s) from ACL table. The only inconsistent data you can
leave there are invalid delegations, but it’s possible to clean them
too. Delegations in the same table.

Anyway, it would be cool if you will dig a little bit to give us way
to reproduce the problem.On Sat, Nov 22, 2008 at 3:54 AM, Malcolm Frazier mfrazier@thoughtconvergence.com wrote:

Hello,

When I discovered this “bug” my original intention was to create a new queue
and a new user who would have complete control over the newly created queue,
but absolutely no privileges for any of the other queues that already exist.
Unfortunately I can not do this because when I create a new user and make
them a privileged user right off the bat they become a super user with the
ability to delegate rights and do whatever else they wish. To defeat this I
tried going to the global group rights and revoking the “DelegateRights” and
"SuperUser" rights from the groups “Everyone” and “unprivileged”, but when I
attempt to modify these I get the error “Right could not be revoked” I am
positive the user I am logging in as does have sufficient rights; I believe
I have seen this issue on the mailing list archive or some other site, but
without resolve. If anyone haves any input that may be of some use I would
greatly appreciate the feedback.

Thank you


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Best regards, Ruslan.