Description of Problem: I've been testing out bugzilla as a 'customer' rather than a net user. Alex created the group "eCos ASCOM PLC Contract" and i have permission to make bugs only visiable to members of that group. I can put any bug into the group, not just me own. eg look at Alexs' bug report for the security violation where i got complete access. Thats now only visiable to "eCos ASCOM PLC contract". Version-Release number of selected component (if applicable): Current How Reproducible: one for one Steps to Reproduce: 1. Login as me 2. Select a bug 3. hit the cross box 4. Save the changes
Yes this is true. One thing that will probably help is that with the next release of Bugzilla, only people who are the reporter or assigned_to will be able make changes to a bug report unless they belong to a special group called 'editallbugs' so that will keep you from being able to change the permission levels of other people's bugs. Until then since it is not a trivial fix we will work on the honor system.