Q: What's the relationship between RT groups and Moira groups and where should I make updates to give people access ?
What do the RT groups oldrt- mean?
What changes should I, a queue admin, think about making to use the new Moira - RT features?
Answer
In RT, if you see a group with the prefix oldrt- then that is an RT-only group. During the migration to RT 4, it could not be cleanly transitioned to a Moira group, either because the matching moira group was sufficiently different or the RT group had subgroups. The RT group was instead renamed to oldrt-groupname to avoid collisions. You can continue to use these groups if you like, but you will need to use RT to add or remove members.
Note that, if a group with the same name did not already exist, a matching Moira group was created and populated during the RT upgrade, and queue administrators can transition their queue permissions to this group after verifying that the membership is correct and dealing with any nested groups issues. For example, if you see a group in RT called oldrt-administrative-systems-rtacl then there is most likely also a Moira group called administrative-systems-rtacl.
Going forward, we recommend transitioning oldrt- groups, and the permissions attached to them, to use Moira groups. That would involve creating a Moira group with the same members as the oldrt- group and once that group is available in RT, the next day, grant that group the appropriate permissions. (Tools > Configuration > Queues > Select > Group Rights)
If the RT group name matches a Moira group by the same name, it is updated from Moira/LDAP nightly. (It's not a real-time link because the performance would be too slow.) Any membership changes should be made to the Moira group, using webmoira .
If you are adding a new staff member but they don't need to access RT until the next day, you can add them to the Moira group.
If a user needs access to RT right away, you can add them to both the Moira group and the RT group. Attention: If you only add the new user to the RT group, that change will be overwritten by the nightly LDAP update to reflect the current group membership as shown in Moira, so be sure to add them to both RT and Moira groups.