Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-3375

permission configured in business-central is not applied when doing git clone from outside of BC

    XMLWordPrintable

Details

    • CR2
    • Hide
      1. login BC with admin user (e.g. rhpamAdmin)
      2. go do Admin-> Roles( security management), remove permission of Space and Project from 'developer' role ( i.e. no permission for Space and Project). see attached screenshot (permission.png)
      3. create 2 name spaces(say space1 and space2) and create 2 projects (proj1 in space1 and proj2 in space2) in these space respectively
      4. create user who has only developer role
      5. add this user as contributor to one of project (say proj1)
      6. login BC with this developer user
        => only space1/proj1 is shown ( space2/proj2 is not shown)
      7. in command terminal, try to clone these projects like the following and authenticate with this developer user
        $ git clone http://localhost:8080/business-central/git/space1/proj1
        => this works as expected.
        $ git clone http://localhost:8080/business-central/git/space2/proj2
        => This should be rejected but works even though it's not shown in business-central
      Show
      login BC with admin user (e.g. rhpamAdmin) go do Admin-> Roles( security management), remove permission of Space and Project from 'developer' role ( i.e. no permission for Space and Project). see attached screenshot (permission.png) create 2 name spaces(say space1 and space2) and create 2 projects (proj1 in space1 and proj2 in space2) in these space respectively create user who has only developer role add this user as contributor to one of project (say proj1) login BC with this developer user => only space1/proj1 is shown ( space2/proj2 is not shown) in command terminal, try to clone these projects like the following and authenticate with this developer user $ git clone http://localhost:8080/business-central/git/space1/proj1 => this works as expected. $ git clone http://localhost:8080/business-central/git/space2/proj2 => This should be rejected but works even though it's not shown in business-central
    • 2021 Week 10-12 (from Mar 8), 2021 Week 13-15 (from Mar 29), 2021 Week 16-18 (from Apr 19), 2021 Week 19-21 (from May 10), 2021 Week 22-24 (from May 31), 2021 Week 25-27 (from Jun 21), 2021 Week 28-30 (from Jul 12), 2021 Week 31-33 (from Aug 2), 2021 Week 34-36 (from Aug 23), 2021 Week 37-39 (from Sep 13)
    • +

    Description

      In order to restrict access to space/project, permission can be configured for the role in business central Security Manager, for instance remove all permission to Space and Project from developer role. This works fine as expected. i.e. If the user is not set as contributor to the space and the project, these space and project are not shown in business central (i.e. unable to access these).

      But when doing git clone from out side of business central, that user can clone the project even though it is not shown in Business Central due to lack of permission.

      Attachments

        Issue Links

          Activity

            People

              abkuma abhishek kumar
              rhn-support-hmiura Hiroko Miura
              Srihari V Srihari V
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: