[rt-users] Policy: Removing priviledged users

Bruce Campbell bruce_campbell at ripe.net
Fri Jul 12 09:48:12 EDT 2002


On Thu, 11 Jul 2002, Damian Gerow wrote:

> When priviledged user accounts need to be removed, how do people do it?

> So far, we've gone in and removed all rights from the user, then gone
> through each queue and removed them from any Cc: or AdminCc: lists, plust
> all groups, then gone through the specific User Rights for each queue, and
> removed any rights in there.  All this works, but it's starting to get
> tedious and time-consuming.

If you are doing this frequently, then you really need to look at your
staff turnover rates.

As a method of making it easier, I'd suggest using one address for the
AdminCc alias; eg queuename at example.com knows that the AdminCc to mail is
queuename-hidden at example.com.

That would cut the RT changes required to removing the user from the
groups, and disabling their access to RT.

> My question is: how do people deal with staff who leave?

Our working environment is perfect.  No one would ever want to leave.  We
have thought of everything, including the snipers on nearby buildings.

> Is simply removing
> all rights for the user enough?

Yes.  Note that you cannot remove the user themselves, as that will break
the references to the user in the database.


-- 
                             Bruce Campbell                            RIPE
                   Systems/Network Engineer                             NCC
                 www.ripe.net - PGP562C8B1B             Operations/Security





More information about the rt-users mailing list