(RT 3.6.0) Do AdminCC users automatically get the ability to correspond with the Requestor, even when the ReplyToTicket right is de-selected for the role? If so, why is it selectable at all?
I'm trying to restrict things such that only Owners or members of a specific privileged group can reply directly to customers; we generally use the AdminCC role as an escalation mechanism with engineering, and our developers have asked us to make sure that they can't accidentally reply to customers instead of commenting the ticket. I removed ReplyToTicket rights for everyone except Owners, Ccs, Requestors, and our user-defined CSE group, but after some testing it looks like non-CSE staffmembers can still correspond with the Requestor through RT. (I also checked using Todd's excellent RightsMatrix tool, and as far as I can tell nobody has ReplyToTicket who shouldn't.) Am I missing something obvious? -- /Ole Craig Security Engineer Team lead, customer support [EMAIL PROTECTED] 303-381-3802 main support line 303-381-3824 my voicemail 303-381-3880 fax www.stillsecure.com _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
