How to stop search displaying tickets the user doesn't have permission to see in the results

Hi

I am having a problem where the unowned search is not restricting its
results to only tickets that are in queues the user has the see ticket
permission for. This is causing the unowned ticket list to not display any
tickets in the rt at a glance page if another queue has 10 more recent
unowned tickets in it. It affects any search in rt for example If you search
for something in the quick search you get it saying that 5 tickets matched
the search but only displaying 1 ticket in the list because 4 of the tickets
would be in queues for which the user has no permission to see tickets.

I have gone through global permissions and queue permissions trying to
figure out how I can control this behaviour but not have not been
successful. The ‘see queue’ and ‘show tickets’ permission are only set on a
per queue basis to the group that is working on that queue. I think I must
have broken something though in setting up my permissions as I don’t
remember this being the initial behaviour of the unowned tickets search.

Thanks for any help.

John Habermann
Internet Programmer, System Administrator
The Wilderness Society Inc

Howdy John,

From my understanding this is a “feature” of RT, There isn’t much one can
do about it, the settings aren’t granular enough to cover what a single user
has the right to see, high up on my wish list is something along the lines
of what you are looking for, I would love to be able to limit users to
viewing only tickets in a certian queue, or even better as we run an “open”
system here, the ability to say this user can only view his tickets. But
dreams are dreams, and when you are like me, and I am not a perl coding
maven, there isn’t much you can do about it.

Bill GraboyesOn Tue, May 12, 2009 at 5:05 PM, john habermann < john.habermann@wilderness.org.au> wrote:

Hi

I am having a problem where the unowned search is not restricting its
results to only tickets that are in queues the user has the see ticket
permission for. This is causing the unowned ticket list to not display any
tickets in the rt at a glance page if another queue has 10 more recent
unowned tickets in it. It affects any search in rt for example If you search
for something in the quick search you get it saying that 5 tickets matched
the search but only displaying 1 ticket in the list because 4 of the tickets
would be in queues for which the user has no permission to see tickets.

I have gone through global permissions and queue permissions trying to
figure out how I can control this behaviour but not have not been
successful. The ‘see queue’ and ‘show tickets’ permission are only set on a
per queue basis to the group that is working on that queue. I think I must
have broken something though in setting up my permissions as I don’t
remember this being the initial behaviour of the unowned tickets search.

Thanks for any help.


John Habermann
Internet Programmer, System Administrator
The Wilderness Society Inc
http://www.wilderness.org.au


The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Thanks for your reply Bill

I think I hadn’t noticed this “feature” before because I only had a couple
of people using it but had just added a new user who forwarded a large
number of emails to her queue in rt so that when I next looked at my default
RT page my unowned tickets had disappeared. I did find this thread though

which seemed to indicate that people shouldn’t see tickets in
their unowned list if those tickets where in queues they didn’t have
permission to see. Other emails seemed to indicate that if you only had the
‘Show Ticket’ and ‘See Queue’ permission set on a per queue basis then you
should just be seeing unowned tickets from your queues. I wonder if this is
something new in rt 3.8?On Wed, May 13, 2009 at 10:18 AM, William Graboyes < william.graboyes@theportalgrp.com> wrote:

Howdy John,

From my understanding this is a “feature” of RT, There isn’t much one can
do about it, the settings aren’t granular enough to cover what a single user
has the right to see, high up on my wish list is something along the lines
of what you are looking for, I would love to be able to limit users to
viewing only tickets in a certian queue, or even better as we run an “open”
system here, the ability to say this user can only view his tickets. But
dreams are dreams, and when you are like me, and I am not a perl coding
maven, there isn’t much you can do about it.

Bill Graboyes

On Tue, May 12, 2009 at 5:05 PM, john habermann < john.habermann@wilderness.org.au> wrote:

Hi

I am having a problem where the unowned search is not restricting its
results to only tickets that are in queues the user has the see ticket
permission for. This is causing the unowned ticket list to not display any
tickets in the rt at a glance page if another queue has 10 more recent
unowned tickets in it. It affects any search in rt for example If you search
for something in the quick search you get it saying that 5 tickets matched
the search but only displaying 1 ticket in the list because 4 of the tickets
would be in queues for which the user has no permission to see tickets.

I have gone through global permissions and queue permissions trying to
figure out how I can control this behaviour but not have not been
successful. The ‘see queue’ and ‘show tickets’ permission are only set on a
per queue basis to the group that is working on that queue. I think I must
have broken something though in setting up my permissions as I don’t
remember this being the initial behaviour of the unowned tickets search.

Thanks for any help.


John Habermann
Internet Programmer, System Administrator
The Wilderness Society Inc
http://www.wilderness.org.au


The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

John Habermann
Internet Programmer, System Administrator
The Wilderness Society Inc

I have just found what appears to be a solution for this problem enabling
the UseSQLForACLChecks in your RT_SiteConfig.pm . Once I enabled this the
unowned search now displays only tickets that the user has permission to see
and any searches you run in simple search will return a result that matches
tickets that you have permission to see. The option does warn about possible
performance issues so will see whether I notice any impact on the system. I
am using rt 3.8.2 and mysql 5.0.

cheers
JohnOn Wed, May 13, 2009 at 10:18 AM, William Graboyes < william.graboyes@theportalgrp.com> wrote:

Howdy John,

From my understanding this is a “feature” of RT, There isn’t much one can
do about it, the settings aren’t granular enough to cover what a single user
has the right to see, high up on my wish list is something along the lines
of what you are looking for, I would love to be able to limit users to
viewing only tickets in a certian queue, or even better as we run an “open”
system here, the ability to say this user can only view his tickets. But
dreams are dreams, and when you are like me, and I am not a perl coding
maven, there isn’t much you can do about it.

Bill Graboyes

On Tue, May 12, 2009 at 5:05 PM, john habermann < john.habermann@wilderness.org.au> wrote:

Hi

I am having a problem where the unowned search is not restricting its
results to only tickets that are in queues the user has the see ticket
permission for. This is causing the unowned ticket list to not display any
tickets in the rt at a glance page if another queue has 10 more recent
unowned tickets in it. It affects any search in rt for example If you search
for something in the quick search you get it saying that 5 tickets matched
the search but only displaying 1 ticket in the list because 4 of the tickets
would be in queues for which the user has no permission to see tickets.

I have gone through global permissions and queue permissions trying to
figure out how I can control this behaviour but not have not been
successful. The ‘see queue’ and ‘show tickets’ permission are only set on a
per queue basis to the group that is working on that queue. I think I must
have broken something though in setting up my permissions as I don’t
remember this being the initial behaviour of the unowned tickets search.

Thanks for any help.


John Habermann
Internet Programmer, System Administrator
The Wilderness Society Inc
http://www.wilderness.org.au


The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

John Habermann
Internet Programmer, System Administrator
The Wilderness Society Inc