Restricting who can see what in the Jobs list?

[Jeremy Koppel]

I'm setting up a new instance of CUPS in a Gentoo VM (version 1.3.8), and am 
trying to modify the default policy.  By default, everyone can see all the 
active and completed jobs, and for our shared environment, this is not 
ideal.  I would like the owner of a job to be able to see their active and 
completed jobs, and only allow specific users to see all the jobs.

Based on the documentation, it looked like I needed to specify the Get-Jobs 
and / or Get-Job-Attributes Operation(s), so I added them to the Job-related 
operations subsection:

# Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs 
Set-Job-Attributes Create-Job-Subscription Renew-Subscription 
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job 
Suspend-Current-Job Resume-Job CUPS-Move-Job Get-Jobs Get-Job-Attributes>
    Require user @OWNER @SYSTEM @wheel @IT
    Order deny,allow
  </Limit>


But while the other Operations seem to be working (for example, a user not 
in a group with elevated privileges cannot cancel jobs that they don't own), 
I don't get the behavior I expected from Get-Jobs.  Instead of promting for 
authentication, it simply removes the "Show Completed Jobs" and "Show All 
Jobs" links fro the printer's page, and the main Jobs tab.

I get the same behavior if I instead make my own subsection like this:

<Limit Get-Jobs Get--Job-Attributes>
    AuthType Basic
    Require user @OWNER @SYSTEM @wheel @IT
    Order deny,allow
</Limit>


How can I restrict this list the way I'm looking for?

--Jeremy