[rt-users] Reset all ACLs to something sensible

Stephen Turner sturner at MIT.EDU
Tue May 2 09:58:57 EDT 2006


At Tuesday 5/2/2006 08:49 AM, Michael Erana wrote:
>I'd look at option #1. Seems viable considering that the ACLs tables 
>seems to be limited to Groups/Queues/CF objects. Just impose a 
>control on changes to perms on those objects during testing periods. 
>Oh, and make sure you have a before snapshot before you roll your 
>changes over....
>
>Greetings,
>    I have an "organically grown" RT system with a rat's nest of a 
> rights matrix. I want to clean this out and start again. I have 
> designed and tested a new set of rights for everyone but I'm 
> wondering as to the best way of getting this implemented. I have 
> the luxury of a development box that I can load snapshots of 
> production onto. I can see the following possibilities:
>
>* Dump PROD onto DEV, change things, dump ACL table on DEV and 
>import to PROD. But this means PROD has to remain static while this 
>is done otherwise horrible things will happen because of changes to 
>table indices etc. I can't see PROD not being used while this is 
>done so I doubt I can do this.
>* Manually altering all the PROD ACLs. Will take hours. Horrible but safe.
>* Some sort of API on top of SQL like the rt command line to remove, 
>replace and re-define rights?
>* Manual SQL stuff. Shudder.
>
>Any ideas?
>
>--
>Philip Kime
>NOPS Systems Architect
>310 401 0407
>

I would steer clear of options 1 and 4 unless you're EXTREMELY 
confident you know the RT database schema inside out. I'd recommend 
writing a perl script that uses the RT API. You can rerun a script 
like this as many times as you'd like until you get everything the 
way you want.

There are some examples of such scripts in the wiki under 
Contributions->External Utils. You can view the RT API documentation 
by using perldoc - http://wiki.bestpractical.com/index.cgi?perldoc .

Steve 




More information about the rt-users mailing list