I found the same thing and tried to use permission on the applications to reduce the potential issue. The client decided they wanted a large button in the middle of the home page that will take the requesters to the Requester Console and this has eliminated any one trying the other urls in the application list since most users just want their problem fixed and they don't dig like us technology people.
-----Original Message----- From: Joe D'Souza <[EMAIL PROTECTED]> To: [email protected] Sent: Tue, 5 Jun 2007 6:10 pm Subject: Design???? Feature??? Oversight?? Bug? First of all I am using ARS V7.0.1 Patch 002 and ITSM apps (the whole shebang) V7 patch 003.. We are on SQL server 2K5 SP2 and on Windows 2K3 SP 2 as well. If I log into the system using a read user who has restricted access in the system I see the Application Administration Console link. I can click on this link and that does take me to the next administration page.. here off course it restricts me from going further complaining that I don't have admin rights if I try to click on any of the Create or View buttons/URL's. Why are read users even allow to go so far though? Is it by design that they have allowed users to go that far? Is there some sort of benefit that I am overseeing? Another area where users are able to intrude where they should have not been able to go to are certain parts of the Foundation Elements.. These users can click the Overview Console link of the Foundation Elements, and see Other Applications, pull down that menu and click on links like Incident Management and then get errors like "ARERR [353] You have no access to form : HPD:Incident Management Console" They can even click on the CMDB link here and navigate to most parts of the CMDB consoles and get those no access errors there again but some of the consoles are open to these users.. Can any of you guys running these same applications, reproduce this or is it just me? Joe PS: Most of my users have been mass loaded using a utility provided by Remedy that I once discussed about about 3 weeks ago. But even the users that have been manually created as read users with restricted access exhibit the above... No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.8.7/830 - Release Date: 6/3/2007 12:47 PM _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" ________________________________________________________________________ AOL now offers free email to everyone. Find out more about what's free from AOL at AOL.com. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
