[rt-users] AdminCcs can reply even without ReplyToTicket right?

Ruslan Zakirov ruz at bestpractical.com
Thu Feb 7 19:06:48 EST 2008


On Feb 8, 2008 2:45 AM, Ole Craig <ocraig at stillsecure.com> wrote:
> (RT 3.6.0)
>
> Do AdminCC users automatically get the ability to correspond with the
> Requestor, even when the ReplyToTicket right is de-selected for the
> role? If so, why is it selectable at all?
No, they don't get unless they have this right via other roles or
directly via group membership. I don't remember any bug fix that can
be close to the problem you're describing, but 3.6.0 had been released
on Jun 15 2006. It's very-very old.

>
> I'm trying to restrict things such that only Owners or members of a
> specific privileged group can reply directly to customers; we generally
> use the AdminCC role as an escalation mechanism with engineering, and
> our developers have asked us to make sure that they can't accidentally
> reply to customers instead of commenting the ticket. I removed
> ReplyToTicket rights for everyone except Owners, Ccs, Requestors, and
> our user-defined CSE group, but after some testing it looks like non-CSE
> staffmembers can still correspond with the Requestor through RT. (I also
> checked using Todd's excellent RightsMatrix tool, and as far as I can
> tell nobody has ReplyToTicket who shouldn't.)
>
> Am I missing something obvious?

-- 
Best regards, Ruslan.



More information about the rt-users mailing list