Hi,
I found the solution. The right "ShowTicket" must be granted to Requestor
Role and not to Unpriviledged group.
Regards.
Thep SYKHEO Direction des Systèmes d'Information - IT
Department
tél : +33 (0) 1 46 25 60 41 - fax : +33 (0) 1 46 25 66 60
[EMAIL PROTECTED]
DEGREMONT, Groupe SUEZ
Les spécialistes du traitement d'eau - Water treatment
specialists
183, avenue du 18 juin 1940 - 92508 Rueil-Malmaison Cedex
France
http://www.degremont.com
Todd Chapman
<[EMAIL PROTECTED]>
To
27/06/2006 16:17 [EMAIL PROTECTED]
cc
[email protected]
Subject
Re: [rt-users] Why an unpriviledge
user can see any ticket ?
The RTx::RightsMatric extension should be able to tell you how
the unpriviledged group is getting the ShowTicket right.
On Tue, Jun 27, 2006 at 03:08:46PM +0200, [EMAIL PROTECTED] wrote:
>
>
>
>
> Hi,
>
> I am testing RT 3.4.5. When I connect as an unpriviledged user , I can
> select "Goto ticket" button and see a ticket which is not mine.
> This is not very secure. How can I prevent this ?
>
> Thanks in advance.
>
>
>
> Thep SYKHEO Direction des Systèmes d'Information - IT
> Department
>
> tél : +33 (0) 1 46 25 60 41 - fax : +33 (0) 1 46 25 66 60
>
> [EMAIL PROTECTED]
>
>
>
> DEGREMONT, Groupe SUEZ
>
> Les spécialistes du traitement d'eau - Water treatment
> specialists
>
> 183, avenue du 18 juin 1940 - 92508 Rueil-Malmaison Cedex
> France
>
> http://www.degremont.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> This message and all attachments are confidential and intended solely for
> the addressees.
>
>
> Any use not in accord with its purpose, any dissemination or disclosure,
> either whole or partial, is prohibited except formal approval.
>
>
> If you receive this message in error, please delete it and immediately
> notify the sender.
>
>
> Neither Degremont Group nor any of its subsidiaries or affiliates shall
be
> liable for the message if altered, changed or falsified.
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: [EMAIL PROTECTED]
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
>
> We're hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html
This message and all attachments are confidential and intended solely for
the addressees.
Any use not in accord with its purpose, any dissemination or disclosure,
either whole or partial, is prohibited except formal approval.
If you receive this message in error, please delete it and immediately
notify the sender.
Neither Degremont Group nor any of its subsidiaries or affiliates shall be
liable for the message if altered, changed or falsified.
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
We're hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html
