[rt-users] Difficulty trying to track down how a user has WatchAsAdminCC Privileges (when they should not).

Jonathan Hartford jon at itasoftware.com
Mon Jun 22 16:56:59 EDT 2009

We have a fairly large RT install, and I have a queue in which it seems
most users somehow can add themselves as an AdminCC, when they should
not be able to (and I don't want them to) as far as I can tell.  I
believe that this means that 2 restrictions are not functioning
properly.  The first is the ability of this privileged user to add an
AdminCC, and the second is the restrictions on who the target of an
AdminCC can be.

I did some searching, but most of the AdminCC threads seem to revolve
around AdminCC not notifying properly, which is not a problem I have.

Under Admin->Queues->(the queue in question)->Group Rights->Privileged

But no "WatchAsAdminCC".   Same for unpriv, and everyone.

Under roles, nothing special but ShowTicket.

Under the user defined groups, there are 2 groups that have that right,
but they do NOT contain as a member the people who mistakenly obtained
permission to modify AdminCC.

The person adding the AdminCC does not have queue modify permissions, nor
does the target person (an auto generated email address!) have
"WatchAsAdminCC" permissions.  The user is not a SuperUser administrator either.

Under Admin->Queues->(the queue in question)->Group Rights->Privileged
Users:  nothing has been selected.  (Everything is handled via groups)

We're on version 3.6.4.

I thought I was good with RT, but on this, I'm completely baffled.
