[rt-users] users able to view all tickets using "Search" function?
Lee Whalen
law at nellymoser.com
Mon Oct 23 14:51:55 EDT 2006
Has anyone noticed with RT 3.6.1 that an otherwise unpriviledged user
(one who belongs to a group that only has CreateTicket, ReplyTicket, and
SeeQueue applied and no other perms anywhere) can do a search for "%"
and view bunch of old, resolved tickets? I've also noticed that certain
tickets can be viewed directly just by typing the ticket number into the
search box, but other tickets get a permission-denied error. Is this
expected behavior, or do I have a really wacky permissions problem
kicking around somewheres in my database?
--Lee
More information about the rt-users
mailing list