Re: [rt-users] Confidentiality issue when customers searching by ticket number

[Aurelien Lafranchise]

You are totally right. Thanks for your help and the tool that I did not know. Aurélien Lafranchise Network Operations Manager Mob.:  +33 (0)6 03 88 36 26 Fax:    +33 (0)4 83 33 45 61 eMail:  aurelien.lafranch...@mobiquithings.com Web:   http://www.mobiquithings.com Le 19 sept. 2013 à 20:20, Ruslan Zakirov <r...@bestpractical.com> a écrit : You should grant ShowTicket via Requestor role for your customers rather than via direct granting to a group. Use http://search.cpan.org/~ruz/RT-Extension-Utils-0.06/sbin/rt-check-user-right-on-ticket to check how particular user gets a right to a ticket. On Thu, Sep 19, 2013 at 3:08 PM, Aurelien Lafranchise <aurelien.lafranch...@mobiquithings.com> wrote: Hello all, I am facing a confidentiality problem on my RT instance. My customers have access to RT to create ticket. In the interface they have a search field they can use to go to a ticket number. The problem is that they can put a ticket number and see the ticket even if it not one of their tickets. I cannot find anywhere in the documentation or google any start of explanation on that. Also all my customers are under the same group. Thanks for your help Regards. AL -- RT Training in New York, October 8th and 9th: http://bestpractical.com/training -- Best regards, Ruslan.

-- 
RT Training in New York, October 8th and 9th: http://bestpractical.com/training