Tools for auditing user/group permissions? (3.4.5)

RT Users
1

Is there any good way - a built-in that I’m not aware of, a nice
external add-on, whatever - to get a readable report on all my users and
what permissions they have?

I’ve got someone noting

Ok, got it. But I still argue that either:

  1. I should be able to see any comment I have posted regardless of the
    lists I’m on, or

  2. I should not be able to post comments if I’m not privileged to see
    them.

and my boss replying:

Agreed with #2. That you can suggests that something is incorrect in the
permissions somewhere. JB should fix that.

So it seems that it’s time for me to do a full system
user(-and-thus-group) audit and figure out who can do what where (and
via what permissions grant.)

Anyone have any ideas?

Thanks in advance,
JB
JB Segal 617-886-5575 www.smartertravel.com
Systems/Network Admin. 465 Medford St. Ste 400 www.bookingbuddy.com
Smarter Living, Inc. Boston, MA 02129 www.tripmania.com

2

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf
Of JB Segal
Sent: Monday, April 10, 2006 3:04 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] Tools for auditing user/group permissions? (3.4.5)

Is there any good way - a built-in that I’m not aware of, a nice
external add-on, whatever - to get a readable report on all
my users and
what permissions they have?

I’ve got someone noting

Ok, got it. But I still argue that either:

  1. I should be able to see any comment I have posted
    regardless of the
    lists I’m on, or

  2. I should not be able to post comments if I’m not
    privileged to see
    them.

and my boss replying:

Agreed with #2. That you can suggests that something is
incorrect in the
permissions somewhere. JB should fix that.

So it seems that it’s time for me to do a full system
user(-and-thus-group) audit and figure out who can do what where (and
via what permissions grant.)

Anyone have any ideas?

Thanks in advance,
JB

RTx::RightsMatrix…

http://search.cpan.org/~htchapman/RTx-RightsMatrix-0.03.00/lib/RTx/Right
sMatrix.pm

3

Someone mentioned RTx::RightsMatrix, which I wrote, but it only gives
you the permissions for one user, group, or role at a time. I guess
it could be extended to do what you want, but depending on the
number of users, groups, queues, and custom fields, this could be
a very expensive (in terms of CPU) report.

-Todd