Violetta,
Why is it a security issue? If your privileges are allowing them to go to a user "Preferences", then I understand, but to just know what UserIds are on the system doesn't seem like a big deal to me. Kenn LBNL On 6/18/2009 7:28 AM, Violetta J. Wawryk wrote: > Hi, > > RT is 3.6.1 on a debian system > > we just found out that in the people section everyone who can login can > search for people. So a person who has the following rights: > > CreateTicket > ReplyToTicket > SeeQueue > ShowTicket > > can go to the people section and do a search like: > > userid doesn't contain xyz > > he gets all the users of the RT. Since this is a security issue, is > there anything that I can do to prevent these searches? > > It might be disabled in a newer version, if so which would that be? > > A quick search on the list didn't give me an answer, therefore I have to > ask this. Sorry if it's been on the list before. > > Quick help is really appreciated, thanks in advance!!!! > > Regards > Violetta > > _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com