In the Best Practice - Incident Resolution Workflow plugin, non-admin users are able to reopen closed incidents through email

Description

The update inbound email action is named "Update Incident (BP)" and is located here:
sysevent_in_email_action.do?sys_id=498e10410a0a0b4b007c8c7f63531747.

The update inbound email action has the following script:

    // Reopens on a subject match alone; the incident's current state is not checked.
    if (email.subject.toLowerCase().indexOf("please reopen") >= 0) {
        current.incident_state = "2";
        current.work_notes = "The caller did not feel that this issue was resolved";
    }

The action allows a user to reopen an incident marked as Resolved. However, the user can change the subject line of an email to reopen any incident in any state.

Steps to Reproduce

1. Log into an instance with the Best Practice - Incident Resolution Workflow plugin activated.
2. Assign an incident to an itil user.
3. Set that itil user's email to your personal email so you receive the notifications.
4. Go into the user's profile and turn on incident notifications.
5. As an admin or maint, close the incident.
6. When your itil user receives the "Your incident INC000XX has been closed" email, click reply and in the subject, insert the following:
   - the incident number
   - the text "please reopen"
7. Click Send.
8. Refresh the incident.

After the email message is processed, the incident resets to the Active state.

Workaround

1. Go to: https://[YOUR INSTANCE]
2. Find the following code block:

    if (email.subject.toLowerCase().indexOf("please reopen") >= 0) {
        current.incident_state = "2";
        current.work_notes = "The caller did not feel that this issue was resolved";
    }

3. Replace with:

    // Reopen only when the incident is currently Resolved (state 6).
    if (email.subject.toLowerCase().indexOf("please reopen") >= 0 && current.incident_state == "6") {
        current.incident_state = "2";
        current.comments = "The caller did not feel that this issue was resolved.";
    }

Related Problem: PRB599176
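To confirm the workaround after applying it, the two script bodies above can be compared outside the instance. The following is an added example, not code from the plugin: `email` and `current` are plain objects standing in for the inbound action's variables, the subject line is constructed, and the state labels other than "2" and "6" are assumptions.

```javascript
// Stand-alone model of the "Update Incident (BP)" script logic (added example).
// Labels for states "1" and "7" are assumptions; "2" and "6" follow the page.
const STATES = { "1": "New", "2": "Active", "6": "Resolved", "7": "Closed" };

// Original script body: subject check only.
function originalAction(email, current) {
  if (email.subject.toLowerCase().indexOf("please reopen") >= 0) {
    current.incident_state = "2";
    current.work_notes = "The caller did not feel that this issue was resolved";
  }
}

// Workaround script body: subject check plus the Resolved-state guard.
function patchedAction(email, current) {
  if (email.subject.toLowerCase().indexOf("please reopen") >= 0 &&
      current.incident_state == "6") {
    current.incident_state = "2";
    current.comments = "The caller did not feel that this issue was resolved.";
  }
}

// Run one action against an incident in every modelled state and return the
// labels of the starting states from which the email changed incident_state.
function statesReopenedBy(action, subject) {
  const changed = [];
  for (const state of Object.keys(STATES)) {
    const current = { number: "INC000XX", incident_state: state };
    action({ subject: subject }, current);
    if (current.incident_state !== state) changed.push(STATES[state]);
  }
  return changed;
}

// Constructed reply subject: notification subject plus the trigger text.
const subject = "RE: Your incident INC000XX has been closed - please reopen";
console.log("original:", statesReopenedBy(originalAction, subject));
console.log("patched: ", statesReopenedBy(patchedAction, subject));
```

With the original body the email changes the state of New, Resolved and Closed incidents; with the workaround only Resolved incidents move back to Active.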