Organization can be edited, although no authorization


  • Used Zammad version: 5.0.3
  • Used Zammad installation type: package
  • Operating system: Ubuntu
  • Browser + version: Firefox 96

Expected behavior:

Organization can be edited, although no authorization

Actual behavior:

I noticed that anyone with normal agent permissions can edit organizations even though they do not have “Manage Organization” permissions. Is this a bug or was it just not considered?


Steps to reproduce the behavior:

This right does not have to be possessed by all agents, if anyone able to change Organizations name, then the Organizations based triggers become useless.

We’re pointing that behavior out in the documentation - it’s a intended behavior.

Updating organizations where needed is one of the tasks of agents - just like creating customers or updating them is.

ok, if the authentication is done via ldap, why do the agents need to have the rights to create users ?

Seems like you didn’t have a look at the documentation, here’s a screenshot of the relevant part that does answer your question:

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.