Uploaded image for project: 'AppFormer'
  1. AppFormer
  2. AF-2397

Deletion of group from Business Central UI does not remove group from the security-policy.properties file

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Sprint:
      2019 Week 50-52 (from Dec 9), 2020 Week 01-03 (from Dec 30), 2020 Week 04-06 (from Jan 20)
    • Steps to Reproduce:
      Hide

      1. Log in to Business Central UI as admin user and create a completely new group (use the name that hasn't been used before);
      2. Confirm that this group will have disabled all permissions for "Pages" by default;
      3. Change some permissions for this group and save the change (this can be done only by enabling "Read" permission for "Pages");
      4. Delete this group from Business Central;
      5. Navigate to $RHPAM_HOME/bin/.niogit/system;
      6. Perform:
      *****************************
      git clone security.git
      *****************************
      7. Navigate to: security/authz, open security-policy.properties file and confirm that previously deleted group still exists in this file.

      This is why, when again a new group is created using the same name as the group that was deleted, it will have all the permissions enabled as the old group.

      Show
      1. Log in to Business Central UI as admin user and create a completely new group (use the name that hasn't been used before); 2. Confirm that this group will have disabled all permissions for "Pages" by default; 3. Change some permissions for this group and save the change (this can be done only by enabling "Read" permission for "Pages"); 4. Delete this group from Business Central; 5. Navigate to $RHPAM_HOME/bin/.niogit/system; 6. Perform: ***************************** git clone security.git ***************************** 7. Navigate to: security/authz, open security-policy.properties file and confirm that previously deleted group still exists in this file. This is why, when again a new group is created using the same name as the group that was deleted, it will have all the permissions enabled as the old group.
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      To workaround this, delete information regarding deleted group from the security-policy.properties file... for instance:

      **********************************************
      group.test.home=HomePerspective
      group.test.permission.asset.promote=false
      group.test.permission.dataobject.edit=false
      group.test.permission.editor.read=true
      group.test.permission.editor.read.DMNDiagramEditor=false
      group.test.permission.editor.read.GuidedDecisionTreeEditorPresenter=false
      group.test.permission.editor.read.GuidedScoreCardEditor=false
      group.test.permission.editor.read.ScenarioSimulationEditor=false
      group.test.permission.editor.read.ScoreCardXLSEditor=false
      ...
      **********************************************
      Save the file and then commit the change ... :

      ***********************************************
      [user@user authz]$ cd ..
      [user@user security]$ git add --all
      [user@user security]$ git commit -m "Edit security-policy.properties file"
      [user@user security]$ git push --force
      ***********************************************

      Finally, restart the server.

      Show
      To workaround this, delete information regarding deleted group from the security-policy.properties file... for instance: ********************************************** group.test.home=HomePerspective group.test.permission.asset.promote=false group.test.permission.dataobject.edit=false group.test.permission.editor.read=true group.test.permission.editor.read.DMNDiagramEditor=false group.test.permission.editor.read.GuidedDecisionTreeEditorPresenter=false group.test.permission.editor.read.GuidedScoreCardEditor=false group.test.permission.editor.read.ScenarioSimulationEditor=false group.test.permission.editor.read.ScoreCardXLSEditor=false ... ********************************************** Save the file and then commit the change ... : *********************************************** [user@user authz] $ cd .. [user@user security] $ git add --all [user@user security] $ git commit -m "Edit security-policy.properties file" [user@user security] $ git push --force *********************************************** Finally, restart the server.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Group that is deleted from Business-Central UI stays in the security-policy.properties file and can change permissions for the users that are not authenticated using properties file (for instance ldap users).

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  r_anand Rishiraj Anand
                  Reporter:
                  ederign Eder Ignatowicz
                  Tester:
                  Barbora Siskova
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: