RT Rights Bug?

In Principal::HasRight

unshift @{ $args{'EquivObjects'} }, $RT::System
    unless $self->can('_IsOverrideGlobalACL')
           && $self->_IsOverrideGlobalACL( $args{'Object'} );

Shouldn’t _IsOverrideGlobalACL be checked on $args{Object} instead of $self?

RT is conferring SuperUser rights for AssetTracker rights when I don’t
want it to.

In Principal::HasRight

unshift @{ $args{'EquivObjects'} }, $RT::System
    unless $self->can('_IsOverrideGlobalACL')
           && $self->_IsOverrideGlobalACL( $args{'Object'} );

Shouldn’t _IsOverrideGlobalACL be checked on $args{Object} instead of $self?

Nope. It was a hook to let sites make global ACL overrides per user
based on some external criterion.