I'd look at option #1. Seems viable considering that
the ACLs tables seems to be limited to Groups/Queues/CF objects. Just impose a
control on changes to perms on those objects during testing periods. Oh, and
make sure you have a before snapshot before you roll your changes
over....
Michael EraƱa,
CISSP
CTO
PC Network,
Inc.
[EMAIL PROTECTED]
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip Kime
Sent: Monday, May 01, 2006 5:31 PM
To: [email protected]
Subject: [rt-users] Reset all ACLs to something sensibleGreetings,I have an "organically grown" RT system with a rat's nest of a rights matrix. I want to clean this out and start again. I have designed and tested a new set of rights for everyone but I'm wondering as to the best way of getting this implemented. I have the luxury of a development box that I can load snapshots of production onto. I can see the following possibilities:* Dump PROD onto DEV, change things, dump ACL table on DEV and import to PROD. But this means PROD has to remain static while this is done otherwise horrible things will happen because of changes to table indices etc. I can't see PROD not being used while this is done so I doubt I can do this.* Manually altering all the PROD ACLs. Will take hours. Horrible but safe.* Some sort of API on top of SQL like the rt command line to remove, replace and re-define rights?* Manual SQL stuff. Shudder.Any ideas?--Philip KimeNOPS Systems Architect310 401 0407
_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
