Permission causes wrong search-results

RT Users
1

Hello,

I’m using RT 4.4.0

I found the following problem:
I have a custom field “category” with settings “select one value”. There are 5 possible values.

I build a search for all tickets like the following
Queue = ‘General’ AND Owner = ‘Nobody’ AND ‘CF.{category}’ != ‘one’

I found that the search results ignore the part CF.{category} != ‘one’ and shows all tickets, no matter which category.
I tested with CF.{category} = ‘one’ and this works - it shows all the ticket with category ‘one’

I used the same search with root-user, and it always works as expected - so I thought this would be a problem with permissions.
My default-user has the following permissions on this queue:
“general rights” --> all
"Rights for Staff" --> all but “delete tickets” and “forward messages outside of RT”
“rights for Administrators” --> no permissions

My next try was changing the permissions of the custom field.
I found out that, as soon as the user has the permission “General rights” --> “view custom fields” on the “category”-Custom field, the search is working as expected.

So in short:
Search on the CF with = operator works always,
Search on the CF with != operator works only, if the user has “view custom fields” permission on the custom field.

So I have a possible solution now, but I would like to understand how this error occurs. Is this a bug or a feature?

Best regards
Bernhard

2

Hi,

IMO this is working correctly for the following reason, as far as the
user is concerned the
the custom field does not contain the specified value.

For this situation you would need somthing like:

Queue = ‘General’ AND Owner = ‘Nobody’ AND (‘CF.{category}’ exists AND
‘CF.{category}’ != ‘one’)

Best Regards

MartinOn 2016-06-30 10:39, Eierschmalz, Bernhard wrote:

Hello,

I’m using RT 4.4.0

I found the following problem:

I have a custom field “category” with settings “select one value”.
There are 5 possible values.

I build a search for all tickets like the following

Queue = ‘General’ AND Owner = ‘Nobody’ AND ‘CF.{category}’ != ‘one’

I found that the search results ignore the part CF.{category} != ‘one’
and shows all tickets, no matter which category.

I tested with CF.{category} = ‘one’ and this works - it shows all the
ticket with category ‘one’

I used the same search with root-user, and it always works as expected

  • so I thought this would be a problem with permissions.

My default-user has the following permissions on this queue:

“general rights” à all

“Rights for Staff” à all but “delete tickets” and “forward messages
outside of RT”

“rights for Administrators” à no permissions

My next try was changing the permissions of the custom field.

I found out that, as soon as the user has the permission “General
rights” à “view custom fields” on the “category”-Custom field, the
search is working as expected.

So in short:

Search on the CF with = operator works always,

Search on the CF with != operator works only, if the user has “view
custom fields” permission on the custom field.

So I have a possible solution now, but I would like to understand how
this error occurs. Is this a bug or a feature?

Best regards

Bernhard

RT 4.4 and RTIR Training Sessions https://bestpractical.com/training

  • Los Angeles - September, 2016
3

Hi,

I’m sorry but this doesn’t work - Request tracker sais “wrong query” if I try to run the search with “‘CF.{category}’ exists”

Message is: Wrong query, expecting a OPERATOR in … AND ‘CF.{category}’ >exists<–here’Von: Martin Wheldon [mailto:martin.wheldon@greenhills-it.co.uk]
Gesendet: Donnerstag, 30. Juni 2016 16:12
An: Eierschmalz, Bernhard
Cc: rt-users@lists.bestpractical.com
Betreff: Re: [rt-users] Permission causes wrong search-results

Hi,

IMO this is working correctly for the following reason, as far as the user is concerned the the custom field does not contain the specified value.

For this situation you would need somthing like:

Queue = ‘General’ AND Owner = ‘Nobody’ AND (‘CF.{category}’ exists AND ‘CF.{category}’ != ‘one’)

Best Regards

Martin

4

Hey There I think you need to use

“NOT LIKE”

IE
Queue = ‘General’ AND Owner = ‘Nobody’ AND (‘CF.{category}’ exists AND ‘CF.{category}’ NOT LIKE ‘one’)

Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 Ext. 2296 • 262-783-6261 Ext. 2296
bbaker@copesan.com

"Servicing North America with Local Care"From: rt-users [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Eierschmalz, Bernhard
Sent: Thursday, June 30, 2016 10:03 AM
To: martin.wheldon@greenhills-it.co.uk
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Permission causes wrong search-results

Hi,

I’m sorry but this doesn’t work - Request tracker sais “wrong query” if I try to run the search with “‘CF.{category}’ exists”

Message is: Wrong query, expecting a OPERATOR in … AND ‘CF.{category}’ >exists<–here’

Von: Martin Wheldon [mailto:martin.wheldon@greenhills-it.co.uk]
Gesendet: Donnerstag, 30. Juni 2016 16:12
An: Eierschmalz, Bernhard
Cc: rt-users@lists.bestpractical.com
Betreff: Re: [rt-users] Permission causes wrong search-results

Hi,

IMO this is working correctly for the following reason, as far as the user is concerned the the custom field does not contain the specified value.

For this situation you would need somthing like:

Queue = ‘General’ AND Owner = ‘Nobody’ AND (‘CF.{category}’ exists AND ‘CF.{category}’ != ‘one’)

Best Regards

Martin

5

Hi,

thanks for your support
NOT LIKE-operator also doesn’t work correctly.

I know very well about permissions and search function. I also tried to create the search with the assistant - same issue (because the assistant creates the same query).

I cannot believe this is a normal issue - because

  • if I run the same search with a different user, it works. This is the reason why I think the search query is correct
  • if I run the same search with = instead of != (or NOT LIKE) operator, it works (of course with a different result). This is the reason why I think the permissions on the custom field is correct.

best regards
BernhardVon: Bryon Baker [mailto:bbaker@copesan.com]
Gesendet: Donnerstag, 30. Juni 2016 17:20
An: Eierschmalz, Bernhard; martin.wheldon@greenhills-it.co.uk
Cc: rt-users@lists.bestpractical.com
Betreff: RE: [rt-users] Permission causes wrong search-results

Hey There I think you need to use

“NOT LIKE”

IE
Queue = ‘General’ AND Owner = ‘Nobody’ AND (‘CF.{category}’ exists AND ‘CF.{category}’ NOT LIKE ‘one’)

Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 Ext. 2296 • 262-783-6261 Ext. 2296 bbaker@copesan.com www.copesan.com “Servicing North America with Local Care”

From: rt-users [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Eierschmalz, Bernhard
Sent: Thursday, June 30, 2016 10:03 AM
To: martin.wheldon@greenhills-it.co.uk
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Permission causes wrong search-results

Hi,

I’m sorry but this doesn’t work - Request tracker sais “wrong query” if I try to run the search with “‘CF.{category}’ exists”

Message is: Wrong query, expecting a OPERATOR in … AND ‘CF.{category}’ >exists<–here’

Von: Martin Wheldon [mailto:martin.wheldon@greenhills-it.co.uk]
Gesendet: Donnerstag, 30. Juni 2016 16:12
An: Eierschmalz, Bernhard
Cc: rt-users@lists.bestpractical.com
Betreff: Re: [rt-users] Permission causes wrong search-results

Hi,

IMO this is working correctly for the following reason, as far as the user is concerned the the custom field does not contain the specified value.

For this situation you would need somthing like:

Queue = ‘General’ AND Owner = ‘Nobody’ AND (‘CF.{category}’ exists AND ‘CF.{category}’ != ‘one’)

Best Regards

Martin