Confusion about See/ModifyCustomField rights

Hello,

I am trying to troubleshoot a problem and I got a little bit confused about
how See/ModifyCustomField privileges work. Both exist as Custom Field rights
as well as Queue rights and they somehow overlap, but it’s not very clear to
me how.

With See/ModifyCustomField set for a group on a queue, I can see and edit
custom fields for any tickets in that queue, but at the same time I can’t
see the same custom fields in search edit - even after selecting a queue
first. With See/ModifyCustomField granted for the same group in the custom
field properties, on the other hand,
RT will show it in search options.

It seems like a similar difference exists in API. With queue rights I can
access and iterate on $Ticket->CustomFields, but creating a custom field
object instance and loading one of the same custom fields by queue and name
fails unless the user has See/Modify rights on the actual field.

Could someone explain how these rights really work?

Best regards,
Maciek

Hello,

I am trying to troubleshoot a problem and I got a little bit confused about
how See/ModifyCustomField privileges work. Both exist as Custom Field
rights
as well as Queue rights and they somehow overlap, but it’s not very clear
to
me how.

With See/ModifyCustomField set for a group on a queue, I can see and edit
custom fields for any tickets in that queue, but at the same time I can’t
see the same custom fields in search edit - even after selecting a queue
first. With See/ModifyCustomField granted for the same group in the custom
field properties, on the other hand,
RT will show it in search options.

It seems like a similar difference exists in API. With queue rights I can
access and iterate on $Ticket->CustomFields, but creating a custom field
object instance and loading one of the same custom fields by queue and name
fails unless the user has See/Modify rights on the actual field.

Could someone explain how these rights really work?

SeeCustomField on Queue level should allow you to see all custom fields
applied to the queue. Implementation is tricky and it’s hard make it work
in all cases. See SetContextObject in RT::CustomField. Basicly code says
that user wants to interact with this custom field in context of
ticket/queue X.

So this feature is incomplete, but so wanted that it’s kept in RT core and
constantly improved to work properly in more and more situations.

Situation you described is actually fixable to some point, but I don’t
remember if we have a fix or not.

Best regards,
Maciek


RT Training in Seattle, June 19-20: Training — Best Practical Solutions

Best regards, Ruslan.