export / display effective permissions of all agents on all groups

[decoudam]

Hello all,

My management would like to have a full overview (export, CSV, List, whatever...) of all the effective permissions of all agents on all groups.
I can see the effective permissions on groups of every agent - one by one - but I can't find how to provide one list of all the effective permissions of all agents on all groups.

Do you think there's a way to do that and how ?

Many thanks !!!
Have a good day !
Damien

(Znuny 7.1.2 + ITSM)

[root]

Hello Damien,

This is only possible via SQL. The involved tables are users, group_user, role_user, group_role, roles, and permission_groups.

- Roy

[decoudam]

Many thanks Roy !

That was my idea, but I was wondering which tables were involved.
I'll try now...

Cheers !
Damien.

[hkais]

Hi Damien,

if you use the model:

Code: Select all

Roles ---haveOneOrMultipleGroups---> Groups ---haveOneOrMultipleRights---> Rights like permission to queues
  |
  |
  +---haveOneOrMulitpleUsers---> Users

you will have in terms of compliance already the required report.
The only thing is to ensure:
- no user has direct assignments of Groups
- every user has only Role assignments.


So your managers can define roles.
They can even manage the role to user assignment
and you can provide them easy a report, since the roles only hold the references to the technical Groups.
Sadly OTRS has decided in the past to use Groups as technical entitlements/technical rights. Instead of decoupling this and the groups do what it tells:
- put users into a manageable group.

but Roles can do the same in case of Znuny, you only have to think about a different naming in Znuny over Roles/Groups.