[rt-users] User can see other people tickets
Gavin Henry
ghenry at suretecsystems.com
Tue Jul 19 05:44:02 EDT 2005
<quote who="Phil Homewood">
> Gavin Henry wrote:
>> However, if they put in a ticket number that is not their own, in the Go
>> To
>> box, they can see that ticket (which is in the same queue).
>>
>> Should they be able to see a ticket that is not their own?
>
> Not unless you give them the right to do so...
I have set no rights globally, the only rights I have set relate to the
only two queues we have.
The only group given rights (except a staff group) is everyone, which have:
CreateTicket
ReplyToTicket
SeeQueue
That's it.
If I enable an automatically created user to log in, they can "Go To
Ticket" and put in ticket #1 etc. and see tickets that are not theirs.
Most however, do say "Permission Denied", but some don't.
>
>> I would have thought that you should only be able to select a ticket
>> that you
>> created, no?
>
> If that's how your rights are set up, yes. :-) Perhaps your
> Everyone (or (Un)Privileged) group has some rights it shouldn't
> have, either globally or at the queue level?
See above.
> --
>>>|<< http://www.bestpractical.com/rt -- Trouble Ticketing. Free.
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Be sure to check out the RT Wiki at http://wiki.bestpractical.com
>
More information about the rt-users
mailing list