[rt-users] User with no WatchAsAdminCc right was added as AdminCc
Kevin Falcone
falcone at bestpractical.com
Mon Dec 19 13:01:42 EST 2011
On Fri, Dec 16, 2011 at 05:24:41PM +0100, Gerard FENELON wrote:
> Hi
>
> One of my privileged users A was able to add another user B as AdminCc
> even though that second User B does not have the WatchAsAdminCc right as far as I can make
> out.
That right only affects your ability to add yourself as an AdminCc
User A has ModifyTicket, they can add anyone they want as an AdminCc.
-kevin
> User B is not privileged.
> User B does not have any rights for that Queue in Admin/Queues/UserRights.html
>
> User B belongs to only one group C directly.
> Group C is not included in any other.
> Group C does not have any rights in Admin/Groups/GroupRights.html
> Group C does not have any rights for that Queue in Admin/Queues/GroupRights.html
>
> The WatchAsAdminCc right on that queue is only given to User-defined groups to which User B
> does not belong either directly or indirectly.
>
> If I look at the RightsMatrix for User B, he does not have WatchAsAdminCc right on any queue.
> If I look at the RightsMatrix for Group C, it does not have WatchAsAdminCc right on any queue.
>
> User A has the following rights on that queue C
>
> * CommentOnTicket
> * CreateTicket
> * ModifyTicket
> * OwnTicket
> * ReplyToTicket
> * SeeQueue
> * ShowACL
> * ShowOutgoingEmail
> * ShowTicket
> * ShowTicketComments
> * StealTicket
> * TakeTicket
> * Watch
> * WatchAsAdminCc
>
> Any ideas where I might have messed up ?
>
> Gerard
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston ? March 5 & 6, 2012
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111219/33f9e008/attachment.sig>
More information about the rt-users
mailing list