[rt-users] possible permissions (ModifyTicket) bug in 3.4.5?

Ruslan Zakirov ruslan.zakirov at gmail.com
Wed Apr 26 19:22:10 EDT 2006


On 4/26/06, Joshua Colson <jcolson at voidgate.org> wrote:
> On Wed, 2006-04-26 at 14:16 -0400, Claude M. Schrader wrote:
> > Hello,
> > We have been removing all global permissions from the Privileged user
> > group on our RT install, to let some important customers have access to
> > their own support queue. In doing this, we seem to have stumbled on what
> > appears to be a bug with the ModifyTicket setting. The user is able to
> > search for email addresses through the "People" area of a ticket, and
> > return a list of every email address known to rt.
> >
'%' in searches is really feature and works like wildcard.
I agree that if you couldn't modify people then you shouldn't be able
to get list of the users.

>
> I don't think this is a bug, more like a feature. RT makes the
> assumption that Privileged users are just that, privileged.
I don't agree with this. Privileged are people who can have some
privileges given to them directly or via groups membership.

>
> What it seems you're attempting to do (setup mini-instances using
> queues) is not how RT is designed to operate (to my understanding).
> However, that being said, you should be able to add your own custom
> Rights to handle your situation. There may even be somebody who has done
> it already.
And I don't agree with this too. RT is not well designed for setups
with many queues (one queue per customer for example), but works good
with one 'support' queue for all support requests from customers.

>
>
> --
> Joshua Colson <jcolson at voidgate.org>
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
>
> We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
>


--
Best regards, Ruslan.


More information about the rt-users mailing list