[rt-users] Confidentiality issue when customers searching by ticket number
Aurelien Lafranchise
aurelien.lafranchise at mobiquithings.com
Fri Sep 20 04:22:40 EDT 2013
You are totally right.
Thanks for your help and the tool that I did not know.
Aurélien Lafranchise
Network Operations Manager
Mob.: +33 (0)6 03 88 36 26
Fax: +33 (0)4 83 33 45 61
eMail: aurelien.lafranchise at mobiquithings.com
Web: http://www.mobiquithings.com
Le 19 sept. 2013 à 20:20, Ruslan Zakirov <ruz at bestpractical.com> a écrit :
> You should grant ShowTicket via Requestor role for your customers rather than via direct granting to a group.
>
> Use http://search.cpan.org/~ruz/RT-Extension-Utils-0.06/sbin/rt-check-user-right-on-ticket to check how particular user gets a right to a ticket.
>
>
> On Thu, Sep 19, 2013 at 3:08 PM, Aurelien Lafranchise <aurelien.lafranchise at mobiquithings.com> wrote:
> Hello all,
>
> I am facing a confidentiality problem on my RT instance.
>
> My customers have access to RT to create ticket. In the interface they have a search field they can use to go to a ticket number. The problem is that they can put a ticket number and see the ticket even if it not one of their tickets.
>
> I cannot find anywhere in the documentation or google any start of explanation on that.
>
> Also all my customers are under the same group.
>
> Thanks for your help
> Regards.
>
> AL
>
> --
> RT Training in New York, October 8th and 9th: http://bestpractical.com/training
>
>
>
> --
> Best regards, Ruslan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130920/79b9c5d5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MBQT_signature.png
Type: image/png
Size: 10817 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130920/79b9c5d5/attachment.png>
More information about the rt-users
mailing list