Hello RT gurus,
I apparently have some permissions set wrong for regular users on my RT
system.
Up until today we’d never allowed anyone to have web access to the RT
system other than the people answering tickets.
I was reading through the Wiki and found this :
http://wiki.bestpractical.com/index.cgi?AutogeneratedPassword
So I decided to set it up and do some testing.
It works perfectly to send the user the URL and allow them to log in and
show them their tickets.
However, in the top right of the screen the usual “Go to ticket number”
submission field is there, and for some reason regular users can put any
ticket number in there and see those tickets, including Comments.
How can I fix this? Apparently I have some work to do on the
permissions. I tinkered with it for a while, but haven’t found an
intuitive way to do what I want.
Is there any way to tell RT to only allow them to see tickets they have
created? Is there additional information I could provide that would
help someone explain the security permissions to me until I say “Ah-Ha!”
and the lightbulb goes on over my head?
Thanks in advance,
Nate Duehr, nate@natetech.com