Befuddling permissions problem

So, I’ve got this really befuddling permissions problem now with my
RT 3.6.1 setup. I’ve got two queues, and four classes of users. The
queues are “Customer/Production” and “Internal IT”. The four classes of
users are “Users”, “Customers”, “Product Managers”, and “Operations”.
Customers should not be able to see anything but their own tickets in
the “Customer/Production” queue (they don’t even know the Internal IT
queue exists), “Users” should be able to create tickets in the
"Customer/Production" queue and in the “Internal IT” queue, but only be
able to see tickets that they are requestors, watchers, or cc’ers of.
Production managers should be able to see everything in both queues but
not comment on them, and Operations should be able to do everything.

Currently, I’ve got no rights granted for the queue “Internal IT” for
the system groups “Everyone, Privileged, and Unprivileged”. CC, Owner,
AdminCC, and Requestor all have "“ShowTicket”, and "ReplyToTicket"
applied, and Users have “CreateTicket” “ReplyTicket” and "ShowTicket"

With the above permissions, I create a ticket as my user (who is in
the operations group) and add a user “joe” as a CC. Unfortunately, that
user cannot see the ticket I created for him. However, if he searches
for the ticket number he can view it no problem. To the best of my
knowledge, there are no other permissions applied on a per-user,
per-group, or per-queue basis, has anyone else experienced something
like this?