Requester can see other requesters' tickets

Hello to the RT happy community,

First of all, I would like to thank Best Practical to
make this excellent software available to the
community.

We have successfully installed the latest 3.4.1
version on a FC3 server, started to learn RT’s roles
and privileges and are still playing with it (not in
production yet).

I have a question regarding users’ rights. We have
created a group, named “Customers” which holds members
from all our clients coming from different companies.

Members of that group have very limited rights :
can create/correspond on tickets, see closed and open
tickets, modify self. They also are members of the
"Everyone" and “Unprivilegied” groups.

Say I have Bill from Company A and John from Company
B, they have the same rights, but belong to different
companies.

I logged in as Bill from Company A, as Bill I have
created a couple of tickets before, I can access them
under the “Open tickets” or “Closed tickets” left
menu, depending on their state.

How come that on the “Goto ticket” input box on the
right side, by typing a ticket number different from
the ones I have created I can access them (provided
they really exists of course), say a ticket requested
by John.

Our company policy is not to let Bill sees John’s
requested tickets.

I have browsed the documentation (included the
ManualRights in the RTwiki) and have found nothing. I
might have missed something.

Does anybody have a solution ?

D�couvrez le nouveau Yahoo! Mail : 250 Mo d’espace de stockage pour vos mails !
Cr�ez votre Yahoo! Mail sur http://fr.mail.yahoo.com/

How come that on the “Goto ticket” input box on the
right side, by typing a ticket number different from
the ones I have created I can access them (provided
they really exists of course), say a ticket requested
by John.

I have browsed the documentation (included the
ManualRights in the RTwiki) and have found nothing. I
might have missed something.

It sounds like Everyone can see tickets.

http://wiki.bestpractical.com/index.cgi?Documentation
Configuration->PrivilegedUsers
Configuration->Rights

Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska
"There aren’t any tomatoes in the sky. Tomatoes don’t get that big."

  • my 4-year-old niece at town safety school discussing tornadoes