[rt-users] User with no WatchAsAdminCc right was added as AdminCc
Hi

One of my privileged users A was able to add another user B as AdminCc
even though that second User B does not have the WatchAsAdminCc right as far as I can make out.

User B is not privileged.
User B does not have any rights for that Queue in Admin/Queues/UserRights.html

User B belongs to only one group C directly.
Group C is not included in any other.
Group C does not have any rights in Admin/Groups/GroupRights.html
Group C does not have any rights for that Queue in Admin/Queues/GroupRights.html

The WatchAsAdminCc right on that queue is only given to User-defined groups to which User B
does not belong either directly or indirectly.

If I look at the RightsMatrix for User B, he does not have WatchAsAdminCc right on any queue.
If I look at the RightsMatrix for Group C, it does not have WatchAsAdminCc right on any queue.

User A has the following rights on that queue C

 * CommentOnTicket
 * CreateTicket
 * ModifyTicket
 * OwnTicket
 * ReplyToTicket
 * SeeQueue
 * ShowACL
 * ShowOutgoingEmail
 * ShowTicket
 * ShowTicketComments
 * StealTicket
 * TakeTicket
 * Watch
 * WatchAsAdminCc

Any ideas where I might have messed up ?

Gerard

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 & 6, 2012
Re: [rt-users] User with no WatchAsAdminCc right was added as AdminCc
Using RT 3.8.8
Re: [rt-users] User with no WatchAsAdminCc right was added as AdminCc
On Fri, Dec 16, 2011 at 05:24:41PM +0100, Gerard FENELON wrote:
> Hi
>
> One of my privileged users A was able to add another user B as AdminCc
> even though that second User B does not have the WatchAsAdminCc right as far as I can make
> out.

That right only affects your ability to add yourself as an AdminCc
User A has ModifyTicket, they can add anyone they want as an AdminCc.

-kevin
Re: [rt-users] User with no WatchAsAdminCc right was added as AdminCc
Thanks Kevin

Is there a way to prevent this behaviour ?
Sometimes I end up with Customers in AdminCc of tickets ...

Gerard

On 2011-12-19 19:01, Kevin Falcone wrote:
> That right only affects your ability to add yourself as an AdminCc
> User A has ModifyTicket, they can add anyone they want as an AdminCc.
>
> -kevin
Re: [rt-users] User with no WatchAsAdminCc right was added as AdminCc
On Mon, Dec 19, 2011 at 07:10:36PM +0100, Gerard FENELON wrote:
> Thanks Kevin
>
> Is there a way to prevent this behaviour ?
> Sometimes I end up with Customers in AdminCc of tickets ...

User education/training.
Otherwise you have to write a Scrip that takes unprivileged users off
of tickets (or otherwise modify RT to prevent it).

It's quite useful to be able to add someone random as an AdminCc, to
grant temporary visibility into 1 ticket in a Queue they would never
normally have access to.

-kevin
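Added example, not part of the original thread and not Best Practical's code: one way to write the Scrip described in the last reply, assuming RT 3.8.x and a queue or global Scrip with User Defined condition and action. It only covers AdminCc additions made on an existing ticket (AddWatcher transactions), not watchers set at ticket creation; the three sections go into the Scrip's three code fields.

```perl
# Added example for RT 3.8.x (assumed setup, not from the thread):
#   Condition: User Defined      Action: User Defined
#   Template:  Global template: Blank
#   Stage:     TransactionCreate

### Custom condition ###
# Run only when a watcher was just added in the AdminCc role.
my $txn = $self->TransactionObj;
return 0 unless $txn->Type eq 'AddWatcher';
return 0 unless ( $txn->Field || '' ) eq 'AdminCc';
return 1;

### Custom action preparation code ###
return 1;

### Custom action cleanup code ###
my $txn = $self->TransactionObj;

# For AddWatcher transactions, NewValue holds the principal id that was added.
my $user = RT::User->new($RT::SystemUser);
$user->Load( $txn->NewValue );
return 1 unless $user->id;        # a group was added, not a user: leave it
return 1 if $user->Privileged;    # privileged (staff) accounts may stay

# Reload the ticket as the system user so the removal does not depend on
# the rights of whoever performed the original change.
my $ticket = RT::Ticket->new($RT::SystemUser);
$ticket->Load( $self->TicketObj->id );

my ( $ok, $msg ) = $ticket->DeleteWatcher(
    Type        => 'AdminCc',
    PrincipalId => $user->PrincipalId,
);
if ($ok) {
    $RT::Logger->info( sprintf 'Ticket #%d: removed unprivileged user %s from AdminCc',
        $ticket->id, $user->Name );
}
else {
    $RT::Logger->error( sprintf 'Ticket #%d: could not remove %s from AdminCc: %s',
        $ticket->id, $user->Name, $msg );
}
return 1;
```

The removal is recorded as its own transaction in the ticket history, so staff can see that the addition was reverted and by which rule.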