Infos:
- Used Zammad version: hosted
- I would bring this up here - maybe someone does have a good solution. Support told me, this is normal behavior.
Expected behavior:
- Hide article objects (like Title, State, Tags) on customers in shared organisations. Or better permission handling for customers in shared organisations. Customer permission should be the same for all customer tickets.
Actual behavior:
- Customers which are in a shared organisation are able to see artikle objectes like Title,State,Tags etc. but not for their own tickets. Only for others in the same Organisation. It’s like an agent permission. So the customer could edit these objects like title, tag etc. At the moment we are able to hide some of these object with core workflows. But this is not possible for Tags. So it wouldn’t be good to use tags in our environment, as the customer could read all the informations.
Steps to reproduce the behavior:
- Setup a shared organistation with multiple users.
- Open tickets for different customers in the same organistation.
- Login with a customers account or use the “view from users perspective”
- Open the ticket for the other customer in the same organisation