[rt-users] Confidentiality issue when customers searching by ticket number
Ruslan Zakirov
ruz at bestpractical.com
Thu Sep 19 14:20:40 EDT 2013
You should grant ShowTicket via Requestor role for your customers rather
than via direct granting to a group.
Use
http://search.cpan.org/~ruz/RT-Extension-Utils-0.06/sbin/rt-check-user-right-on-ticketto
check how particular user gets a right to a ticket.
On Thu, Sep 19, 2013 at 3:08 PM, Aurelien Lafranchise <
aurelien.lafranchise at mobiquithings.com> wrote:
> Hello all,
>
> I am facing a confidentiality problem on my RT instance.
>
> My customers have access to RT to create ticket. In the interface they
> have a search field they can use to go to a ticket number. The problem is
> that they can put a ticket number and see the ticket even if it not one of
> their tickets.
>
> I cannot find anywhere in the documentation or google any start of
> explanation on that.
>
> Also all my customers are under the same group.
>
> Thanks for your help
> Regards.
>
> AL
>
> --
> RT Training in New York, October 8th and 9th:
> http://bestpractical.com/training
>
--
Best regards, Ruslan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130919/ca069601/attachment.htm>
More information about the rt-users
mailing list