I wanted to follow up on this, as this is rapidly becoming a ‘make or
break’ issue as to whether we keep RT here.
I got one reply back privately with a suggestion, but so far, that
hasn’t seemed to work.
Right now, I’m experimenting to see if I can do this with RT3, but so
far, I’ve not been able to restrict it so that ‘Requestor 1’ can only
see tickets that they have submitted, and not see tickets from
I’ve limited the groups down as follows thus far:
Global group Everyone:
Queue group Requestor:
If I log in as ‘Requestor 1’ who submitted ticket (for example’s sake)
3101, I see that ticket in the listing of tickets that user requested.
All well and good. However, if I enter ticket 3095 (submitted by
‘Requestor 2’ from another company) in the ‘Goto Ticket’ box, or edit
the URL so that id=3095 is passed to Display.html, then ‘Requestor 1’ is
able to see ‘Requestor 2’s ticket, as well as any proprietary and
confidential information that might be in that ticket. This is what we
absolutely must be able to prevent if we are to continue with RT at our
‘Requestor 1’ must not be able to see tickets that they did not
Is this possible? If not, what would need to be done to make it so in
Thanks,

On Thu, 2003-03-27 at 10:40, Jeremy Doran wrote:
First of all, we’re looking to see if it’s possible for customers (i.e.,
people external to our environment) who send in tickets can log into RT
and see their tickets from the web interface. I see that this is
possible from setting the ShowTicket privilege, but the problem here is
that they can just type in any ticket number, and as long as they have
that permission for that queue, they can see any ticket in that queue.
Is there any permission that should be set that will restrict that
requestor to only see tickets that they have requested?
Jeremy Doran firstname.lastname@example.org
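
An added example, not part of the original message and not RT's code or API: a simplified Python model of the access decision described above, which lists the tickets each user can open by id without being a requestor on them under a given set of grants. The queue name `support`, the user names and the `grants` structure are assumptions made for illustration; the ticket numbers, `ShowTicket`, `Everyone` and `Requestor` come from the message.

```python
# Simplified model of the access decision; not RT's code or API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Ticket:
    id: int
    queue: str
    requestors: frozenset

# Constructed sample data using the ticket numbers from the message.
TICKETS = [
    Ticket(3101, "support", frozenset({"requestor1"})),
    Ticket(3095, "support", frozenset({"requestor2"})),
]

def principals(user, ticket):
    """Groups and roles the user holds with respect to this one ticket."""
    held = {"Everyone"}
    if user in ticket.requestors:
        held.add("Requestor")  # role membership is resolved per ticket
    return held

def can_show(user, ticket, grants):
    """grants maps (queue, principal) to the set of rights granted there."""
    return any("ShowTicket" in grants.get((ticket.queue, p), set())
               for p in principals(user, ticket))

def exposure(users, tickets, grants):
    """Tickets each user can open by id without being a requestor on them."""
    return {u: sorted(t.id for t in tickets
                      if u not in t.requestors and can_show(u, t, grants))
            for u in users}

# Right held by every logged-in user: any ticket id in the queue opens.
QUEUE_WIDE = {("support", "Everyone"): {"ShowTicket"}}
# Right held only through the per-ticket Requestor role.
REQUESTOR_ONLY = {("support", "Requestor"): {"ShowTicket"}}

if __name__ == "__main__":
    users = ["requestor1", "requestor2"]
    print("queue-wide grant:    ", exposure(users, TICKETS, QUEUE_WIDE))
    print("requestor-only grant:", exposure(users, TICKETS, REQUESTOR_ONLY))
```

An empty list for every user is the outcome the message asks for; any ticket id appearing in the result is one that user could reach through the ‘Goto Ticket’ box or the `id=` parameter.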