Hi,
I found the solution. The right “ShowTicket” must be granted to Requestor
Role and not to Unpriviledged group.
Regards.
Thep SYKHEO Direction des Systèmes d’Information - IT
Department
tél : +33 (0) 1 46 25 60 41 - fax : +33 (0) 1 46 25 66 60
thep.sykheo@degremont.com
DEGREMONT, Groupe SUEZ
Les spécialistes du traitement d’eau - Water treatment
specialists
183, avenue du 18 juin 1940 - 92508 Rueil-Malmaison Cedex
France
http://www.degremont.com
Todd Chapman
<todd@chaka.net>
To
27/06/2006 16:17 thep.sykheo@degremont.com
cc
rt-users@lists.bestpractical.com
Subject
Re: [rt-users] Why an unpriviledge
user can see any ticket ?
The RTx::RightsMatric extension should be able to tell you how
the unpriviledged group is getting the ShowTicket right.
Hi,
I am testing RT 3.4.5. When I connect as an unpriviledged user , I can
select “Goto ticket” button and see a ticket which is not mine.
This is not very secure. How can I prevent this ?
Thanks in advance.
Thep SYKHEO Direction des Systèmes d’Information - IT
Department
tél : +33 (0) 1 46 25 60 41 - fax : +33 (0) 1 46 25 66 60
thep.sykheo@degremont.com
DEGREMONT, Groupe SUEZ
Les spécialistes du traitement d’eau - Water treatment
specialists
183, avenue du 18 juin 1940 - 92508 Rueil-Malmaison Cedex
France
http://www.degremont.com
This message and all attachments are confidential and intended solely for
the addressees.
Any use not in accord with its purpose, any dissemination or disclosure,
either whole or partial, is prohibited except formal approval.
If you receive this message in error, please delete it and immediately
notify the sender.
Neither Degremont Group nor any of its subsidiaries or affiliates shall
be
liable for the message if altered, changed or falsified.
The rt-users Archives
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com
Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
We’re hiring! Come hack Perl for Best Practical:
Careers — Best Practical Solutions
This message and all attachments are confidential and intended solely for
the addressees.
Any use not in accord with its purpose, any dissemination or disclosure,
either whole or partial, is prohibited except formal approval.
If you receive this message in error, please delete it and immediately
notify the sender.
Neither Degremont Group nor any of its subsidiaries or affiliates shall be
liable for the message if altered, changed or falsified.