Znuny Open Source Ticketsystem

I already did that for customer groups other then "Customer Manager".

But I still need help in putting a filter direct in the code, as I stated in my last reply.

Thanks.

I got the idea about the actual design and this is exaclty what I need to change. This is not the right way to implement this in my point of view. What I ask myself with this situation is what is the purpose of letting you hide the button, but let all the information the button displays, free to con...

I gave up trying to block the access using Apache because just now I realized that using the search button the regular users still can find and access all tickets, doing a simple * search. Please, I need a solution for this to go live with OTRS, as this is not acceptable in our environment and clien...

I think there should be an option for disable this access once you activate it. Is there a way to ask for this? Crythias, just as a suggestion, maybe you should comment this on your original post, because I'm sure most peopel will have the wrong idea that the access to the regular user is blocked at...

jojo wrote:thats how the frontend was designed. there is no extra config for hiding company tickets for users with the same company id

Do you have any idea of how to deny this access, even if it needs some changes in direct in the code?

crythias wrote:It seems you would be correct with regard to all of the above.

So, you think it's expected or is this really a security issue?

Any ideas on how we could block that?

Hello. I was looking for a way to restrict customers to see only their own tickets and a customer manager to be able to see all tickets from same Company in the customer web interface. I could make this work following the post "CustomerID/CustomerIDs/Customer Groups" , however I found out ...