[rt-users] AdminCcs can reply even without ReplyToTicket right?
Ole Craig
ocraig at stillsecure.com
Thu Feb 7 18:45:13 EST 2008
(RT 3.6.0)
Do AdminCC users automatically get the ability to correspond with the
Requestor, even when the ReplyToTicket right is de-selected for the
role? If so, why is it selectable at all?
I'm trying to restrict things such that only Owners or members of a
specific privileged group can reply directly to customers; we generally
use the AdminCC role as an escalation mechanism with engineering, and
our developers have asked us to make sure that they can't accidentally
reply to customers instead of commenting the ticket. I removed
ReplyToTicket rights for everyone except Owners, Ccs, Requestors, and
our user-defined CSE group, but after some testing it looks like non-CSE
staffmembers can still correspond with the Requestor through RT. (I also
checked using Todd's excellent RightsMatrix tool, and as far as I can
tell nobody has ReplyToTicket who shouldn't.)
Am I missing something obvious?
--
/Ole Craig
Security Engineer
Team lead, customer support
ocraig at stillsecure.com
303-381-3802 main support line
303-381-3824 my voicemail
303-381-3880 fax
www.stillsecure.com
More information about the rt-users
mailing list