Problem with rights : privileged users have access to everything

Hi all,

I have created an internal staff group which will work on tickets. The
"Everyone" group is granted rights to create and answer ticket so that
anybody can create tickets using the proper email address to aim the right
queue. This works fine but our clients would like to see what’s going on in
their own queue.

So I created, for each queue, a group with the queue rights : See Queue,
Show Ticket, CreateTicket, Reply Ticket. It’s exactly what I need but there
is a huge problem with this configuration. Users of this group, even if they
have almost no rights at all, can browse the whole configuration directory.
The most disturbing thing is that they can list all users of the database
and get their emails…
Is there a way to disable the configuration link when it’s not needed, or
another way to set up RT ?

I searched the whole list and found some unanswered questions similar to
Thanks a lot