Zammad 3.0.1 from package @ Centos 7.
Hello. As I can see, if agent has permission “user” (manage users) it can:
-create new customer
-create new agent
-create new agent/customer with whatever it likes permissions.
-edit whatever it want for all user of Zammad
-disable any user of Zammad
Is it a little overkill in terms of permissions control?
In my opinion, we need very simple rule:
- agent can manage customers data
- only admin may manage admins and agents
Any comments? Am I missed something?