Uploaded image for project: 'AppFormer'
  1. AppFormer
  2. AF-2397

Deletion of group from Business Central UI does not remove group from the security-policy.properties file

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • None
    • None
    • None
    • 2019 Week 50-52 (from Dec 9), 2020 Week 01-03 (from Dec 30), 2020 Week 04-06 (from Jan 20)
    • Hide

      1. Log in to Business Central UI as admin user and create a completely new group (use the name that hasn't been used before);
      2. Confirm that this group will have disabled all permissions for "Pages" by default;
      3. Change some permissions for this group and save the change (this can be done only by enabling "Read" permission for "Pages");
      4. Delete this group from Business Central;
      5. Navigate to $RHPAM_HOME/bin/.niogit/system;
      6. Perform:
      *****************************
      git clone security.git
      *****************************
      7. Navigate to: security/authz, open security-policy.properties file and confirm that previously deleted group still exists in this file.

      This is why, when again a new group is created using the same name as the group that was deleted, it will have all the permissions enabled as the old group.

      Show
      1. Log in to Business Central UI as admin user and create a completely new group (use the name that hasn't been used before); 2. Confirm that this group will have disabled all permissions for "Pages" by default; 3. Change some permissions for this group and save the change (this can be done only by enabling "Read" permission for "Pages"); 4. Delete this group from Business Central; 5. Navigate to $RHPAM_HOME/bin/.niogit/system; 6. Perform: ***************************** git clone security.git ***************************** 7. Navigate to: security/authz, open security-policy.properties file and confirm that previously deleted group still exists in this file. This is why, when again a new group is created using the same name as the group that was deleted, it will have all the permissions enabled as the old group.
    • Workaround Exists
    • Hide

      To workaround this, delete information regarding deleted group from the security-policy.properties file... for instance:

      **********************************************
      group.test.home=HomePerspective
      group.test.permission.asset.promote=false
      group.test.permission.dataobject.edit=false
      group.test.permission.editor.read=true
      group.test.permission.editor.read.DMNDiagramEditor=false
      group.test.permission.editor.read.GuidedDecisionTreeEditorPresenter=false
      group.test.permission.editor.read.GuidedScoreCardEditor=false
      group.test.permission.editor.read.ScenarioSimulationEditor=false
      group.test.permission.editor.read.ScoreCardXLSEditor=false
      ...
      **********************************************
      Save the file and then commit the change ... :

      ***********************************************
      [user@user authz]$ cd ..
      [user@user security]$ git add --all
      [user@user security]$ git commit -m "Edit security-policy.properties file"
      [user@user security]$ git push --force
      ***********************************************

      Finally, restart the server.

      Show
      To workaround this, delete information regarding deleted group from the security-policy.properties file... for instance: ********************************************** group.test.home=HomePerspective group.test.permission.asset.promote=false group.test.permission.dataobject.edit=false group.test.permission.editor.read=true group.test.permission.editor.read.DMNDiagramEditor=false group.test.permission.editor.read.GuidedDecisionTreeEditorPresenter=false group.test.permission.editor.read.GuidedScoreCardEditor=false group.test.permission.editor.read.ScenarioSimulationEditor=false group.test.permission.editor.read.ScoreCardXLSEditor=false ... ********************************************** Save the file and then commit the change ... : *********************************************** [user@user authz] $ cd .. [user@user security] $ git add --all [user@user security] $ git commit -m "Edit security-policy.properties file" [user@user security] $ git push --force *********************************************** Finally, restart the server.
    • NEW
    • NEW

    Description

      Group that is deleted from Business-Central UI stays in the security-policy.properties file and can change permissions for the users that are not authenticated using properties file (for instance ldap users).

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. RHPAM-2487 Deletion of group from Business Central UI does not remove group from the security-policy.properties file

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              r_anand Rishiraj Anand (Inactive)
              eignatow Eder Ignatowicz
              Barbora Siskova Barbora Siskova
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: