[rt-users] Other queues showing up in "RT at a Glance"
Brelsfoard, Alex
alexb at WPI.EDU
Mon Mar 28 14:31:56 EST 2005
Yeah, this is exactly what is going on with our setup. We have an email
alias setup to be able to create tickets. But for this to be working what
exactly needs to be? I have taken away ALL rights from "Everyone" and have
Watch and CreateTicket set for "Requestor". Emails are still able to create
tickets, but low-level users are also still seeing tickets they shouldn't be.
CORRECTION: I am using version 3.4.1, NOT 3.4.2, sorry.
I am going to keep playing with the group rights, but I don't see how any
other playing is going to change anything (at least not the way I want it to
be change).
If anyone has any ideas, I greatly welcome them...
Thanks again.
--Alex
Alex Brelsfoard
Web Applications Developer
Web Development Office
Worcester Polytechnic Institute
508-831-6147
alexb at wpi.edu
-----Original Message-----
From: Tim Bishop [mailto:tim-lists at bishnet.net]
Sent: Monday, March 28, 2005 12:39 PM
To: Brelsfoard, Alex
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Other queues showing up in "RT at a Glance"
On Mon, 2005-03-28 at 11:49 -0500, Brelsfoard, Alex wrote:
> OK, so one of my co-workers just noticed that people are seeing
> tickets from queues they don't have access too being listed in the "10
> newest unowned tickets..." window. But here's the kinda weird bit:
> there is nothing under the "Queue" column for the tickets in the
> queues these people don't have access to. When I look (I have access
> to see all queues) I see all the queue names. So, to recap, Everyone
> sees all the tickets listed in that window. If you have access to a
> queue, you see its name listed, otherwise just blank space. This is
> very dangerous, because anyone can click on any of those links to view
> the contents of those tickets,a nd they an even TAKE the ticket.
I have the same "problem", but I think I know why.
On my queue(s) I have permissions for "CommentOnTicket", "CreateTicket",
"ReplyToTicket", and "ShowTicket" assigned to Everyone. This was to allow
tickets to be created and commented/replied to using email. And I think so
that people could use the web interface to view their own tickets.
I suspect you have something similar...
A fix? I'm not sure - remove the ShowTicket right and give it to the
Requestor instead?
Cheers,
Tim.
--
Tim Bishop
http://www.bishnet.net/tim/
PGP Key: 0x5AE7D984
More information about the rt-users
mailing list