[rt-users] RTV4.0.0: User Access Restrictions

Kenneth Crocker kfcrocker at lbl.gov
Thu Jul 7 12:59:42 EDT 2011


Joanne,

Have you installed RT::Rights Matrix? I have found that VERY useful in the
past. If someone is getting rights from more than one setting, it will show
up in those results.

Kenn
LBNL


On Thu, Jul 7, 2011 at 9:28 AM, Alex Vandiver <alexmv at bestpractical.com>wrote:

> On Thu, 2011-07-07 at 09:52 -0400, Thomas Sibley wrote:
> > On 07/06/2011 06:44 PM, Joanne Keown wrote:
> > > Back in June I emailed the below question/request for help and I don’t
> > > believe I have seen a response to that.
> > >
> > > Does anyone have any good ideas/pointers on this?  I have searched
> > > archives & manuals etc. but I can’t see what right I am applying that
> is
> > > allowing all my users Admin rights.
> >
> > The information in the spreadsheet simply isn't enough.  There's many
> > other places you could be granting them rights.  We can't offer more
> > than guesses without essentially a database dump of the relevant RT
> tables.
>
> You have likely misapplied the "Superuser" right on some group the users
> are in, directly or indirectly.  The following (which is untested,
> simply written off the top of my head), run from your database, should
> tell you which group that they are in has this right:
>
> select Groups.* from Users
>  join CachedGroupMembers on CachedGroupMembers.MemberId = Users.id
>  join ACL on ACL.PrincipalId = CachedGroupMembers.GroupId
>          and ACL.RightName = 'SuperUser'
>  join Groups on Groups.id = ACL.PrincipalId
> where Users.Name = 'dchapman'
>
> - Alex
>
>
> --------
> 2011 Training: http://bestpractical.com/services/training.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110707/cf2ce311/attachment.htm>


More information about the rt-users mailing list