Re: [rt-users] RT permission question
Stephen, HA! I finally figured it out. I moved the code that forced the owner to Nobody from PREP to Clean-up. That did it. Since only the Owner could modify the ticket, I was undoing that with the prep code. Talk about shooting yourself in the foot. Thanks for the help. Kenn LBNL On 12/17/2008 3:12 PM, Kenneth Crocker wrote: Stephen, Here's another interesting test result; I had this same user create a ticket in MY queue, which allows any privileged user the SeeQueue and CreateTicket rights. Then I had this person create a ticket in his own queue, make himself owner and then try to move it to my queue, No joy.? Kenn LBNL On 12/17/2008 12:27 PM, Stephen Turner wrote: On Wed, 17 Dec 2008 15:22:24 -0500, Kenneth Crocker kfcroc...@lbl.gov wrote: Stephen, I tried the following tests: 1) added rights to the first group for target queue. No Joy. 2) tried to have owner move ticket to a queue that allowed any privileged user to CreateTicket. Also no joy. I'm dumbfounded. He IS a privileged user or I wouldn't be able to have him in a group. Of course, I checked anyway. Kenn LBNL Kenn, Does your user have ModifyTicket on the from queue? One way to really get to the bottom of this is a Perl script that (logged on as your user) uses the API to read the ticket and attempts to change the queue. Stepping through the code using the debugger should show you exactly where the permission denied is happening and should help you figure out why. Steve ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT permission question
Stephen, It merely says Permission denied. I was looking at the groups he is in and found that he is in two groups. The first one (Alphabetically) is not allowed to create tickets in the target queue, but the second is. He already is the ticket owner and has ModifyTicket rights. I was wondering if RT checks group rights for a target queue and if the first one fails, doesn't bother to check any others? Just a thought. I'm going to do a test by adding the create rights to that first group. Kenn LBNL On 12/16/2008 1:17 PM, Stephen Turner wrote: On Tue, 16 Dec 2008 16:06:53 -0500, Kenneth Crocker kfcroc...@lbl.gov wrote: To all, I thought I understood most of the permission relationships in RT, but I find I'm a bit stumped with a problem I'm having. I know that to move a ticket from one queue to another queue that person/group initiating the move must have SeeQueue and CreateTicket rights for the intended queue. I have a situation where those rights are granted, but permission is denied. Kenn, Does the ticket actually get moved to the other queue? Also, exactly what error message appears? Steve ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT permission question
Stephen, I tried the following tests: 1) added rights to the first group for target queue. No Joy. 2) tried to have owner move ticket to a queue that allowed any privileged user to CreateTicket. Also no joy. I'm dumbfounded. He IS a privileged user or I wouldn't be able to have him in a group. Of course, I checked anyway. Kenn LBNL On 12/16/2008 1:17 PM, Stephen Turner wrote: On Tue, 16 Dec 2008 16:06:53 -0500, Kenneth Crocker kfcroc...@lbl.gov wrote: To all, I thought I understood most of the permission relationships in RT, but I find I'm a bit stumped with a problem I'm having. I know that to move a ticket from one queue to another queue that person/group initiating the move must have SeeQueue and CreateTicket rights for the intended queue. I have a situation where those rights are granted, but permission is denied. Kenn, Does the ticket actually get moved to the other queue? Also, exactly what error message appears? Steve ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT permission question
On Wed, 17 Dec 2008 15:22:24 -0500, Kenneth Crocker kfcroc...@lbl.gov wrote: Stephen, I tried the following tests: 1) added rights to the first group for target queue. No Joy. 2) tried to have owner move ticket to a queue that allowed any privileged user to CreateTicket. Also no joy. I'm dumbfounded. He IS a privileged user or I wouldn't be able to have him in a group. Of course, I checked anyway. Kenn LBNL Kenn, Does your user have ModifyTicket on the from queue? One way to really get to the bottom of this is a Perl script that (logged on as your user) uses the API to read the ticket and attempts to change the queue. Stepping through the code using the debugger should show you exactly where the permission denied is happening and should help you figure out why. Steve -- Stephen Turner Senior Programmer/Analyst - SAIS MIT IST ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT permission question
Stephen, Here's another interesting test result; I had this same user create a ticket in MY queue, which allows any privileged user the SeeQueue and CreateTicket rights. Then I had this person create a ticket in his own queue, make himself owner and then try to move it to my queue, No joy.? Kenn LBNL On 12/17/2008 12:27 PM, Stephen Turner wrote: On Wed, 17 Dec 2008 15:22:24 -0500, Kenneth Crocker kfcroc...@lbl.gov wrote: Stephen, I tried the following tests: 1) added rights to the first group for target queue. No Joy. 2) tried to have owner move ticket to a queue that allowed any privileged user to CreateTicket. Also no joy. I'm dumbfounded. He IS a privileged user or I wouldn't be able to have him in a group. Of course, I checked anyway. Kenn LBNL Kenn, Does your user have ModifyTicket on the from queue? One way to really get to the bottom of this is a Perl script that (logged on as your user) uses the API to read the ticket and attempts to change the queue. Stepping through the code using the debugger should show you exactly where the permission denied is happening and should help you figure out why. Steve ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] RT permission question
To all, I thought I understood most of the permission relationships in RT, but I find I'm a bit stumped with a problem I'm having. I know that to move a ticket from one queue to another queue that person/group initiating the move must have SeeQueue and CreateTicket rights for the intended queue. I have a situation where those rights are granted, but permission is denied. I also have a scrip that modifies the owner to nobody when a ticket is moved to another queue. Currently, the code to modify the owner is in cleanup code. Does anyone have a clue as to why this transaction is not being allowed? Thanks in advance. Kenn LBNL ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT permission question
On Tue, 16 Dec 2008 16:06:53 -0500, Kenneth Crocker kfcroc...@lbl.gov wrote: To all, I thought I understood most of the permission relationships in RT, but I find I'm a bit stumped with a problem I'm having. I know that to move a ticket from one queue to another queue that person/group initiating the move must have SeeQueue and CreateTicket rights for the intended queue. I have a situation where those rights are granted, but permission is denied. Kenn, Does the ticket actually get moved to the other queue? Also, exactly what error message appears? Steve -- Stephen Turner Senior Programmer/Analyst - SAIS MIT IST ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
