
RSS Feed Security Issue

Discussion created by 7304434 on Jan 5, 2015
Latest reply on Jan 8, 2015 by Nir Tzur
When exporting a report to an RSS feed, and using the feed in an external application (i.e. Reeder 2 for OSX), it will show all tickets, regardless of permissions set for a particular account. I ran into this while trying to set up an aggregator to monitor all of our queues. I then began seeing another department's ticket queues. When you try to click on a link to view the entire ticket, you are forced to log in, and all permissions are applied. Refreshing the feed after logging in will apply the permissions to it as well. The issue is how do we restrict what unauthenticated users see? Our queue isn't "Top Secret", but considering we're looking to roll our HR department into this application, we'd need to restrict the viewing of their tickets. If this is a setting I overlooked, then I apologize, but I couldn't find it when I looked. Thanks in advance.
