Hi all, if an unprivileged user click a link to open a ticket, the link below will be shown on browser as URL-address:
https://company.com/SelfService/Display.html?id=493 but if the user try to copy and past this url-adress in an other browser-tab and changes id to 490 as shown below, https://company.com/SelfService/Display.html?id=490 the user is also able to show this ticket too. The problem is that we have a different unprivileged user (company 1, company 2). Unprivileged users of company 1 should only be able to schow their own ticket (not tickets of unprivileged user of company 2), but on RT system we can change permissions for the group unprvivileged users, which (in our case) includes all user of all companies. How can I solve the problem ??? Many thanks in advance !!! Tamodew
Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
