[rt-users] User with no WatchAsAdminCc right was added as AdminCc

Kevin Falcone falcone at bestpractical.com
Mon Dec 19 13:13:28 EST 2011


On Mon, Dec 19, 2011 at 07:10:36PM +0100, Gerard FENELON wrote:
> Thanks Kevin
> 
> Is there a way to prevent this behaviour ?
> Sometimes I end up with Customers in AdminCc of tickets ...

User education/training.

Otherwise you have to write a Scrip that takes unprivileged users off
of tickets (or otherwise modify RT to prevent it).

It's quite useful to be able to add someone random as an AdminCc, to
grant temporary visibility into 1 ticket in a Queue they would never
normally have access to.

-kevin

> On 2011-12-19 19:01, Kevin Falcone wrote:
> >On Fri, Dec 16, 2011 at 05:24:41PM +0100, Gerard FENELON wrote:
> >>    Hi
> >>
> >>    One of my privileged users A was able to add another user B as AdminCc
> >>    even though that second User B does not have the WatchAsAdminCc right as far as I can make
> >>    out.
> >That right only affects your ability to add yourself as an AdminCc.
> >User A has ModifyTicket, they can add anyone they want as an AdminCc.
> >
> >-kevin
> >
> >>    User B is not privileged.
> >>    User B does not have any rights for that Queue in Admin/Queues/UserRights.html
> >>
> >>    User B belongs to only one group C directly.
> >>    Group C is not included in any other.
> >>    Group C does not have any rights in Admin/Groups/GroupRights.html
> >>    Group C does not have any rights for that Queue in Admin/Queues/GroupRights.html
> >>
> >>    The WatchAsAdminCc right on that queue is only given to User-defined groups to which User B
> >>    does not belong either directly or indirectly.
> >>
> >>    If I look at the RightsMatrix for User B, he does not have WatchAsAdminCc right on any queue.
> >>    If I look at the RightsMatrix for Group C, it does not have WatchAsAdminCc right on any queue.
> >>
> >>    User A has the following rights on that queue C
> >>
> >>      * CommentOnTicket
> >>      * CreateTicket
> >>      * ModifyTicket
> >>      * OwnTicket
> >>      * ReplyToTicket
> >>      * SeeQueue
> >>      * ShowACL
> >>      * ShowOutgoingEmail
> >>      * ShowTicket
> >>      * ShowTicketComments
> >>      * StealTicket
> >>      * TakeTicket
> >>      * Watch
> >>      * WatchAsAdminCc
> >>
> >>    Any ideas where I might have messed up ?
> >>    Gerard
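Added example, not part of the original message and not code from Best Practical: one way to write the Scrip the reply suggests, removing unprivileged users from a ticket's AdminCc whenever an AdminCc is added. It assumes a Scrip set up with Condition "User Defined", Action "User Defined" and a blank template; the three sections below go into that Scrip's three custom code fields.

```perl
# --- Custom condition -------------------------------------------------
# Fire only on the transaction RT records when a watcher is added,
# and only when that watcher role is AdminCc.
my $txn = $self->TransactionObj;
return 0 unless $txn->Type eq 'AddWatcher';
return 0 unless ( $txn->Field || '' ) eq 'AdminCc';
return 1;

# --- Custom action preparation code -----------------------------------
# Nothing to prepare; returning true lets the commit step run.
return 1;

# --- Custom action commit (cleanup) code ------------------------------
my $ticket = $self->TicketObj;

# Collect first and delete afterwards, so the member collection is not
# modified while it is being iterated.
my @unprivileged;
my $members = $ticket->AdminCc->UserMembersObj;
while ( my $user = $members->Next ) {
    push @unprivileged, $user unless $user->Privileged;
}

for my $user (@unprivileged) {
    my ( $ok, $msg ) = $ticket->DeleteWatcher(
        Type        => 'AdminCc',
        PrincipalId => $user->PrincipalId,
    );
    if ($ok) {
        $RT::Logger->info( "Removed unprivileged user "
              . $user->Name
              . " from AdminCc of ticket #"
              . $ticket->id );
    }
    else {
        # Typically a user who is AdminCc only through a group.
        $RT::Logger->warning( "Could not remove "
              . $user->Name
              . " from AdminCc of ticket #"
              . $ticket->id
              . ": $msg" );
    }
}
return 1;
```

With this Scrip enabled, the temporary-visibility use of AdminCc described in the reply is no longer available for unprivileged users. AdminCc watchers supplied at ticket creation are not covered, because the condition only matches the add-watcher transaction.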

