[rt-users] goto ticket error (security problem)
Michael Shanks
mike at tekniq.org
Mon Mar 20 12:17:51 EST 2006
Cheers guys, sorted this one out now, got my head around it from the advise
jesse gave :-)
-----Original Message-----
From: Ken Crocker [mailto:KFCrocker at lbl.gov]
Sent: Monday, March 20, 2006 5:14 PM
To: Michael Shanks
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] goto ticket error (security problem)
Michael,
Try giving the role "Requestor" the following rights; see queue, see
ticket, see outgoing e_mail, reply to ticket and watch. That way they can
find their tickets in the queue and interact about thos tickets only as the
"requestor".
Kenn
Michael Shanks wrote:
Hello
If I remove this right it corrects the problem, however my user now cannot
see his open or closed tickets also
-----Original Message-----
From: Jesse Vincent [mailto:jesse at bestpractical.com]
Sent: 18 March 2006 03:23
To: Michael Shanks
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] goto ticket error (security problem)
On Sat, Mar 18, 2006 at 02:00:26AM -0000, Michael Shanks wrote:
Hello I am configuring a new helpdesk using request tracker, I notice one
problem and I am wondering if you can help me with my configuration,
When a user logs into the self service page they are presented with their
open tickets, top right is also the goto ticket option, when the user
types
in any ticket ID the ticket is shown to them even if they are not the
original submitter,
You've granted "Everyone" the right to "ShowTicket"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20060320/7bcd8a61/attachment.htm>
More information about the rt-users
mailing list