Re: [rt-users] User with no WatchAsAdminCc right was added as AdminCc

Mon, 19 Dec 2011 10:13:48 -0800 

On Mon, Dec 19, 2011 at 07:10:36PM +0100, Gerard FENELON wrote:
> Thanks Kevin
> 
> Is there a way to prevent this behaviour ?
> Sometimes I end up with Customers in AdminCc of tickets ...

User education/training.

Otherwise you have to write a Scrip that takes unprivileged users off
of tickets (or otherwise modify RT to prevent it).

It's quite useful to be able to add someone random as an AdminCc, to
grant temporary visibility into 1 ticket in a Queue they would never
normally have access to.

-kevin

> On 2011-12-19 19:01, Kevin Falcone wrote:
> >On Fri, Dec 16, 2011 at 05:24:41PM +0100, Gerard FENELON wrote:
> >>    Hi
> >>
> >>    One of my privileged users A was able to add another user B as AdminCc
> >>    even though that second User B does not have the WatchAsAdminCc right 
> >> as far as I can make
> >>    out.
> >That right only affects your ability to add yourself as an AdminCc
> >User A has ModifyTicket, they can add anyone they want as an AdminCc.
> >
> >-kevin
> >
> >>    User B is not privileged.
> >>    User B does not have any rights for that Queue in 
> >> Admin/Queues/UserRights.html
> >>
> >>    User B belongs to only one group C directly.
> >>    Group C is not included in any other.
> >>    Group C does not have any rights in Admin/Groups/GroupRights.html
> >>    Group C does not have any rights for that Queue in 
> >> Admin/Queues/GroupRights.html
> >>
> >>    The WatchAsAdminCc right on that queue is only given to User-defined 
> >> groups to which User B
> >>    does not belong either directly or indirectly.
> >>
> >>    If I look at the RightsMatrix for User B, he does not have 
> >> WatchAsAdminCc right on any queue.
> >>    If I look at the RightsMatrix for Group C, it does not have 
> >> WatchAsAdminCc right on any queue.
> >>
> >>    User A has the following rights on that queue C
> >>
> >>      * CommentOnTicket
> >>      * CreateTicket
> >>      * ModifyTicket
> >>      * OwnTicket
> >>      * ReplyToTicket
> >>      * SeeQueue
> >>      * ShowACL
> >>      * ShowOutgoingEmail
> >>      * ShowTicket
> >>      * ShowTicketComments
> >>      * StealTicket
> >>      * TakeTicket
> >>      * Watch
> >>      * WatchAsAdminCc
> >>
> >>    Any ideas where I might have messed up ?
> >>    Gerard
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston  March 5 & 6, 2012

Attachment: pgp75CKRV04US.pgp
Description: PGP signature

--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5 & 6, 2012

Reply via email to