- Multi-Tenant environment.
- Mobile Access enabled.
End users from a specific tenant are being able to access ticket from other tenants. It causes a lot of security concerns, because customers use CA Service Management for different internal customers and related end users.
When implementing CA Service Management Mobile Application, pay attention to the Access Types and Roles you have configured. When configuring the related Access Types, the field "REST Web Service API Role" manages the security layer for the mobile access. Depending the way you set the role intended to that field, end users will be able to access ticket from other tenants.