[rt-users] Reset all ACLs to something sensible
Stephen Turner
sturner at MIT.EDU
Tue May 2 09:58:57 EDT 2006
At Tuesday 5/2/2006 08:49 AM, Michael Erana wrote:
>I'd look at option #1. Seems viable considering that the ACLs tables
>seems to be limited to Groups/Queues/CF objects. Just impose a
>control on changes to perms on those objects during testing periods.
>Oh, and make sure you have a before snapshot before you roll your
>changes over....
>
>Greetings,
> I have an "organically grown" RT system with a rat's nest of a
> rights matrix. I want to clean this out and start again. I have
> designed and tested a new set of rights for everyone but I'm
> wondering as to the best way of getting this implemented. I have
> the luxury of a development box that I can load snapshots of
> production onto. I can see the following possibilities:
>
>* Dump PROD onto DEV, change things, dump ACL table on DEV and
>import to PROD. But this means PROD has to remain static while this
>is done otherwise horrible things will happen because of changes to
>table indices etc. I can't see PROD not being used while this is
>done so I doubt I can do this.
>* Manually altering all the PROD ACLs. Will take hours. Horrible but safe.
>* Some sort of API on top of SQL like the rt command line to remove,
>replace and re-define rights?
>* Manual SQL stuff. Shudder.
>
>Any ideas?
>
>--
>Philip Kime
>NOPS Systems Architect
>310 401 0407
>
I would steer clear of options 1 and 4 unless you're EXTREMELY
confident you know the RT database schema inside out. I'd recommend
writing a perl script that uses the RT API. You can rerun a script
like this as many times as you'd like until you get everything the
way you want.
There are some examples of such scripts in the wiki under
Contributions->External Utils. You can view the RT API documentation
by using perldoc - http://wiki.bestpractical.com/index.cgi?perldoc .
Steve
More information about the rt-users
mailing list