Restricted technicians can see all tickets

Restricted technicians can see all tickets

I may have found a security bug.

1.  I have all tickets in the 'Not associated to any site' (I don't use sites).
2.  ServiceDesk is deployed for our entire IT department (Help Desk, Dev support, Web Services, etc).  Techs are placed in each of these groups.
3.  If I create a requester, and promote him to a technician, he can see all tickets in all groups even though his only role is SDGuest and he is not associated to any groups.

  • If the only role is SDGuest, should that not restrict the access to only the tickets entered by the tech?
  • I tried creating a seperate role, and specifically selected 'All in group & assigned to him', but the tech could still see everything.
  • I am doing this so I can grant the Support Group Managers access to the dashboard to see their group statistics without seeing the entire IT department.







        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                        Related Products