[rt-users] User rights not checked when accessing tickets directly via number?
Adrian Goins
agoins at arces.net
Tue Apr 23 12:09:18 EDT 2002
me-maillists at billskill.com brought forth from the aether:

> Can anyone else confirm this behaviour or is it just me that has managed
> to screw up my config?

i have also experienced this, resulting in me not opening up our ticketing
system to our clients.

we have the following perms set (Contacts is a local group with the tech
contacts for that queue in it):

Queue.Group:
  * Everyone  - CreateTicket
  * Requestor - CreateTicket
                ReplyToTicket
  * Contacts  - CreateTicket
                ReplyToTicket

Queue.User
  No Rights For Anyone

Global.Group
  * Requestor - ReplyToTicket
  * Staff     - CommentOnTicket
                CreateTicket
                DeleteTicket
                ModifyTicket
                OwnTicket
                ReplyToTicket
                SeeQueue
                ShowTicket
                ShowTicketComments
                Watch
                WatchAsAdminCc

if i create another group or user (like the Contacts group, but for
another queue), any user in that group can enter a ticket number and go
straight to the ticket.
> Magnus Egnerfors
--
Adrian Goins
Arces Network, LLC
http://www.arces.net