Bug 1233428
| Summary: | Users with "developer" role are able to see the administration page | ||
|---|---|---|---|
| Product: | [Retired] JBoss BPMS Platform 6 | Reporter: | William Antônio <wsiqueir> |
| Component: | Business Central | Assignee: | manstis |
| Status: | CLOSED EOL | QA Contact: | Jozef Marko <jomarko> |
| Severity: | high | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 6.1.0 | CC: | kverlaen |
| Target Milestone: | ER3 | ||
| Target Release: | 6.2.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-03-27 20:09:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is a fix and workaround suggested by Toshiya:

------------------------------------------------------------------

In business-central, there is a fine grained access control configuration:

./business-central.war/WEB-INF/classes/workbench-policy.properties

So changing from:

group.wb_for_developers=wb_everything, !wb_extensions

to:

group.wb_for_developers=wb_everything, !wb_extensions, !wb_administration

would be a workaround (or a valid fix).

------------------------------------------------------------------

Marking this as verified, but notice the following:

1. "The user should not see the administration menu" - fixed
2. "not able to see the repositories that are not allowed for his roles" - managing repository access by roles doesn't exist in bpms.
3. A user with the developer role can open the file explorer of repositories if he does these two steps:
   1. Open Project Authoring perspective
   2. enter url: <base_url>/business-central/kie-wb.html#FileExplorer

If point 3 is a problem for the customer, please file a separate BZ for this.
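
The following is an added example, not part of the bug report or of Business Central's own code: a small audit of the `group.*` lines in `workbench-policy.properties` that reports whether a group still reaches `wb_administration`. It assumes the semantics the workaround implies (`wb_everything` grants every feature, a `!name` entry removes one, and a deny wins over a grant); the `parse_groups` and `exposes` names and the sample strings are constructed for illustration.

```python
# Added example: audits the group.* lines of workbench-policy.properties.
# Assumed semantics (inferred from the bug report): wb_everything grants every
# feature and a "!name" entry removes one; a deny wins over a grant.

# Constructed samples; only the wb_for_developers values come from the report.
SHIPPED = "group.wb_for_developers=wb_everything, !wb_extensions\n"
PATCHED = ("# constructed comment line\n"
           "group.wb_for_developers = wb_everything, \\\n"
           "    !wb_extensions, !wb_administration\n")


def parse_groups(text):
    """Return {group: (granted, denied)} for every 'group.<name>=...' line."""
    groups = {}
    # Java .properties files allow a trailing backslash to continue a line.
    logical = text.replace("\\\r\n", "").replace("\\\n", "")
    for raw in logical.splitlines():
        line = raw.strip()
        if not line.startswith("group.") or "=" not in line:
            continue  # comments, blanks and other key families are skipped
        key, _, value = line.partition("=")
        entries = [e.strip() for e in value.split(",") if e.strip()]
        denied = {e[1:].strip() for e in entries if e.startswith("!")}
        granted = {e for e in entries if not e.startswith("!")}
        groups[key.strip()[len("group."):]] = (granted, denied)  # last wins
    return groups


def exposes(text, group, feature="wb_administration"):
    """True if `group` is granted `feature` and no '!feature' entry removes it."""
    granted, denied = parse_groups(text).get(group, (set(), set()))
    return bool(granted & {"wb_everything", feature}) and feature not in denied


if __name__ == "__main__":
    for label, text in (("shipped", SHIPPED), ("patched", PATCHED)):
        state = "EXPOSED" if exposes(text, "wb_for_developers") else "ok"
        print(f"{label}: wb_for_developers -> wb_administration {state}")
```

Run against the deployed file's contents, the same check can be repeated for any other group that should not reach the administration features.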
Description of problem:
If we create a user in role "developer" and log into BPM Suite 6.1 using it, it is able to see the Administration tab.

Version-Release number of selected component (if applicable):
n/a

How reproducible:
always

Steps to Reproduce:
1. Create a user using {BPM Suite}/bin/add-user.sh and give it the role "developer"
2. Log into business-central.war using the created user

Actual results:
The logged user can see the administration page including repositories not allowed for him;

Expected results:
The user should not see the administration menu or not able to see the repositories that are not allowed for his roles.

Additional info: