Good morning,
after the upgrade from Znuny 7.1.6 to 7.3.2, we are experiencing a critical anomaly affecting the behavior of the Owner field and the application of ACLs in Znuny 7.3.2 across multiple agent interface screens (e.g. AgentTicketPriority, AgentTicketOwner, and related ticket action screens).
Issue 1
The issue is reproducible across several ticket actions/pages, including AgentTicketPriority, AgentTicketOwner, and AgentTicketResponsible, while bulk actions behave correctly and work without any issue.
Expected behavior
- The Owner field should be empty by default in ticket modification screens
- If the Owner field is mandatory, it should require an explicit user selection
- No implicit assignment should occur without explicit configuration
Current behavior
- The Owner field is automatically prefilled with the current ticket owner (or a fallback account such as “root”)
- This occurs across all standard ticket action screens
- The field remains mandatory, but the default value effectively bypasses the need for manual selection
Impact
- Agents may unintentionally confirm an incorrect owner
- Tickets remain assigned to invalid or unintended accounts (e.g. admin, root, etc.)
- The concept of a mandatory field completely loses its operational purpose
Issue 2
Regarding ACLs, we are also observing inconsistent behavior in the application of Owner-based ACL rules.
Expected behavior
- ACL rules based on the Owner field should be applied consistently across all screens
Current behavior
- ACLs using the Owner field are not consistently applied in standard ticket action screens
- Only the bulk action page appears to correctly enforce Owner-based ACLs
Impact
- Security and process rules are bypassed depending on the screen being used
- Different behavior exists between standard interfaces and bulk actions
- Agents are presented with owner choices that should not be visible in specific contexts
- Potential compliance-related concerns
Based on all performed checks, there does not appear to be any obvious configuration option to:
- control the default value of the Owner field
- disable automatic prepopulation/prefill of the Owner field
This represents a functional inconsistency compared to the behavior observed in previous versions.
At the current state, the inconsistency across the various ticket management screens indicates non-uniform handling of the Owner field state and ACL evaluation, resulting in unpredictable behavior.
We kindly know if:
- Confirmation whether this behavior is intentional or represents a defect
- Restoration of an empty default value for the Owner field
- Consistent ACL enforcement across all ticket action screens
- Any available documentation regarding how to disable automatic Owner field prefilling in AgentTicket actions
Kind regards.
M
Anomaly regarding Owner field behavior and ACL consistency after upgrade to Znuny 7.3.2
Moderator: crythias
-
mderosa
- Znuny newbie
- Posts: 4
- Joined: 19 May 2026, 12:03
- Znuny Version: 7.3.2
- Real Name: Michele De Rosa
Re: Anomaly regarding Owner field behavior and ACL consistency after upgrade to Znuny 7.3.2
Additional information / temporary workaround
At the moment, we have partially mitigated the issue by removing all queue permissions from the account root@localhost.
After removing queue permissions for root@localhost, the Owner field in all ticket assignment and management screens returns to being empty by default, which restores the expected mandatory selection behavior.
This seems to indicate that the automatic Owner prefill mechanism may be falling back to privileged/system accounts when evaluating available owner candidates.
We would also like to thank @shawnbeasley for the valuable suggestion shared in the following community post, even though the original discussion referred to a different issue:
viewtopic.php?p=180128#p180128
In particular, the recommendation:
"Recommended: Remove all queue permissions from root@localhost"
helped us identify the temporary mitigation described above.
It is always great to see how valuable and supportive the Znuny community can be.
However, we have still not identified any viable workaround to restore the correct and consistent behavior of ACLs based on the Owner field.
At the moment, Owner-based ACLs continue to behave inconsistently across standard ticket action screens, while bulk actions remain the only area where ACL enforcement appears to work correctly.
M
At the moment, we have partially mitigated the issue by removing all queue permissions from the account root@localhost.
After removing queue permissions for root@localhost, the Owner field in all ticket assignment and management screens returns to being empty by default, which restores the expected mandatory selection behavior.
This seems to indicate that the automatic Owner prefill mechanism may be falling back to privileged/system accounts when evaluating available owner candidates.
We would also like to thank @shawnbeasley for the valuable suggestion shared in the following community post, even though the original discussion referred to a different issue:
viewtopic.php?p=180128#p180128
In particular, the recommendation:
"Recommended: Remove all queue permissions from root@localhost"
helped us identify the temporary mitigation described above.
It is always great to see how valuable and supportive the Znuny community can be.
However, we have still not identified any viable workaround to restore the correct and consistent behavior of ACLs based on the Owner field.
At the moment, Owner-based ACLs continue to behave inconsistently across standard ticket action screens, while bulk actions remain the only area where ACL enforcement appears to work correctly.
M