User custom field rights enforcement RT 4.4.2

Hi RT users,

We have user cf’s that are being populated by LDAPImport. Unfortunately, even though I have not granted rights to even view them, they show up in their Settings->About me screen and they can update them. They have the ModifySelf right so that they can adjust their settings. In our old 3.8.13 system, they can see them but at least they cannot edit them. How can they be locked down?

Regards,
Ken

Hi,

I can handle the update permissions for the built-in User fields by using the _OverlayAccessible function. There does not appear to be a similar function for the User custom fields. Do you have any ideas about how to lock them down to just the users with the admin right? Per custom field would be great, but even all-or-none would be a big improvement. Thank you for any ideas?

Regards,
Ken