-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We have a fairly large RT install, and I have a queue in which it seems
most users somehow can add themselves as an AdminCC, when they should
not be able to (and I don’t want them to) as far as I can tell. I
believe that this means that 2 restrictions are not functioning
properly. The first is the ability of this privileged user to add an
AdminCC, and the second is the restrictions on who the target of and
AdminCC can be.
I did some searching, but most of the AdminCC threads seem to revolve
around AdminCC not notifying properly, which is not a problem I have.
Under Admin->Queues->(the queue in question)->Group Rights->Privileged
Users:
CommentOnTicket
CreateTicket
ReplyToTicket
ShowTicket
ShowTicketComments
But no “WatchAsAdminCC”. Same for unpriv, and everyone.
Under roles, nothing special but ShowTicket.
Under the user defined groups, there are 2 groups that have that right,
but they do NOT contain as a member the people who mistakenly obtained
permission to modify AdminCC.
Neither the person adding the AdminCC has queue modify permissions, nor
is the target person (an auto generated email address!) have permissions
“WatchAsAdminCC”. The user is not a SuperUser administrator either.
Under Admin->Queues->(the queue in question)->Group Rights->Privileged
Users: nothing has been selected. (Everything is handled via groups)
We’re on version 3.6.4.
I thought I was good with RT, but on this, I’m completely baffled.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAko/8BsACgkQxcV19bUNEEM9vgCgomzB7yLIQHCxcFeAJ7/xbXmt
/zwAoOVmf4X1mpuro2jctD18HFZYIqkU
=ZxNI
-----END PGP SIGNATURE-----
jon.vcf (356 Bytes)