[rt-users] urgent: disable search for new watchers
Raed El-Hames
rfh at vialtus.com
Thu Jun 18 12:57:15 EDT 2009
Violetta;
You also made these people privileged (Let this user be granted rights
is ticked), the question is do you want them to be privileged, if these
are your customers then you should untick this and force them into the
restricted SelfService, if you have to have them privileged then by
default they will see the peoples tab, and to restrict that you will
need to add extra code in few places.
Regards;
Roy
Violetta J. Wawryk wrote:
> Hi,
>
> RT is 3.6.1 on a debian system
>
> we just found out that in the people section everyone who can login can
> search for people. So a person who has the following rights:
>
> CreateTicket
> ReplyToTicket
> SeeQueue
> ShowTicket
>
> can go to the people section and do a search like:
>
> userid doesn't contain xyz
>
> he gets all the users of the RT. Since this is a security issue, is
> there anything that I can do to prevent these searches?
>
> It might be disabled in a newer version, if so which would that be?
>
> A quick search on the list didn't give me an answer, therefore I have to
> ask this. Sorry if it's been on the list before.
>
> Quick help is really appreciated, thanks in advance!!!!
>
> Regards
> Violetta
>
>
More information about the rt-users
mailing list