SuperUser and owner lists

RT Users
1

Hi,

We’ve upgraded to 4.4.2 and are now implementing a few changes.

To follow best security practices, we want to make sure that users have the least privileges for their day-to-day role. To that end we’ve removed the SuperUser right from a test user and created them a new account which has just SuperUser, it has no email address and is not a member of any groups.

Unfortunately, this user shows up in the dropdown list for assigning tickets to owners across all queues.

Whilst we can try and manage these via our processes, it would be a lot better if we can exclude these SuperUsers from the list to prevent accidental assignment.

Is this possible and if not, could it be added as a feature request, such that the owner list only includes SuperUsers that would otherwise be included by their membership of relevant access groups ?

Alternatively, is there another way to achieve this separation of privilege ?

Many thanks,

Simon.

2

Hi @SimonW , I’m starting with RT (5.0.5) and I’ve seen the same behavior despite this document says that in RT 3.2 version, SuperUsers aren’t shown in Owner Listings.
I’ve been digging in the code and I’ve deleted today the line number 75 in the file share/html/Elements/SelectOwnerDropdown leaving the code like this:

    $Users->WhoHaveRight(
        Right               => 'OwnTicket',
        Object              => $object,
        IncludeSystemRights => 1
    );

Now, SuperUsers are not shown :+1: . I don’t know if this can lead to new issues, but I’ll give it a try. Did you find any other solution?