
Hi

 

I found a bug in the inventory module. It seems that even if an agent does not have permission to manage agents, they can still go to an agent profile from the inventory view. This does not look like intended behavior. See below:

 

Give an agent inventory permission

Make sure that the agent does not have the manage agents admin permission

Go to inventory and filter by another agent that has an associated asset (used by)

The returned assets have URLs pointing towards the agent in the Used By column

Hovering the name (should give a preview I think) breaks the page, renders the menu on top of list

Clicking on the name takes you to the profile of that agent

 

How is that any different from an agent filtering the ticket view for where another agent is the requester, then clicking on the agent's name?


How is that any different from an agent filtering the ticket view for where another agent is the requester, then clicking on the agent's name?

I believe the results are the same in these cases, yes


Hi @MaxJ,

Could you please check if this behavior is still occurring? We are currently seeing the error message, "You are not allowed to access this page."

If you’re still able to replicate the issue—where agents can view other agent profiles via inventory used by filter without having Manage Agents access—please reach out to our support team.

We’ll be happy to investigate this further and assist you accordingly.

