Organization can be edited, although no authorization

7qubit · January 20, 2022, 10:57am

Infos:

Used Zammad version: 5.0.3
Used Zammad installation type: package
Operating system: Ubuntu
Browser + version: Firefox 96

Expected behavior:

Actual behavior:

I noticed that anyone with normal agent permissions can edit organizations even though they do not have “Manage Organization” permissions. Is this a bug or was it just not considered?

Screenshot_1

Steps to reproduce the behavior:

This right does not have to be possessed by all agents, if anyone able to change Organizations name, then the Organizations based triggers become useless.

MrGeneration · January 20, 2022, 12:51pm

We’re pointing that behavior out in the documentation - it’s a intended behavior.
https://admin-docs.zammad.org/en/latest/manage/roles/admin-permissions.html

Updating organizations where needed is one of the tasks of agents - just like creating customers or updating them is.

7qubit · January 20, 2022, 1:32pm

ok, if the authentication is done via ldap, why do the agents need to have the rights to create users ?

MrGeneration · February 25, 2022, 1:04pm

Seems like you didn’t have a look at the documentation, here’s a screenshot of the relevant part that does answer your question:

system · June 25, 2022, 1:04pm

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.