[rt-users] Reset all ACLs to something sensible
Michael Erana
cto at lanusa.com
Tue May 2 08:49:45 EDT 2006
I'd look at option #1. Seems viable considering that the ACLs tables seems to be limited to Groups/Queues/CF objects. Just impose a control on changes to perms on those objects during testing periods. Oh, and make sure you have a before snapshot before you roll your changes over....
Michael Eraña, CISSP
CTO
PC Network, Inc.
eranam at lanusa.com
________________________________
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Philip Kime
Sent: Monday, May 01, 2006 5:31 PM
To: rt-users at lists.bestpractical.com
Subject: [rt-users] Reset all ACLs to something sensible
Greetings,
I have an "organically grown" RT system with a rat's nest of a rights matrix. I want to clean this out and start again. I have designed and tested a new set of rights for everyone but I'm wondering as to the best way of getting this implemented. I have the luxury of a development box that I can load snapshots of production onto. I can see the following possibilities:
* Dump PROD onto DEV, change things, dump ACL table on DEV and import to PROD. But this means PROD has to remain static while this is done otherwise horrible things will happen because of changes to table indices etc. I can't see PROD not being used while this is done so I doubt I can do this.
* Manually altering all the PROD ACLs. Will take hours. Horrible but safe.
* Some sort of API on top of SQL like the rt command line to remove, replace and re-define rights?
* Manual SQL stuff. Shudder.
Any ideas?
--
Philip Kime
NOPS Systems Architect
310 401 0407
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20060502/7d6358fe/attachment.htm>
More information about the rt-users
mailing list