Hello, list. I've come across a problem I can't overcome. Suppose I have a request to reset a password on some account for a user due to account locked or password forgotten. I thought I could communicate the new password to a user using external-email or external-note article. But it is really too dangerous to do that!
The whole company tickets collection is searchable! I could find no way control access to the tickets in one CustomerID except one using queues. The queues are used for different purpose usually. The alternative is to quit using CustomerID and treat every user as individual customer. This is not convenient either as some bosses at customers want to watch the requests of their subordinates. This is the simplest example that comes to mind. There is a lot more sensitive information circulating in the process of IT Service Delivery that should not be shared across entire customer. I would be grateful for suggestions to solve this security issue. Regards, Anton Gubarkov.
_______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
