Description of problem:
If we create a user in role "developer" and log into BPM Suite 6.1 using it, it is able to see the Administration tab.

Version-Release number of selected component (if applicable):
n/a

How reproducible:
always

Steps to Reproduce:
1. Create a user using {BPM Suite}/bin/add-user.sh and give it the role "developer"
2. Log into business-central.war using the created user

Actual results:
The logged-in user can see the administration page, including repositories not allowed for him.

Expected results:
The user should not see the administration menu or not able to see the repositories that are not allowed for his roles.

Additional info:

This is a fix and workaround suggested by Toshiya:

------------------------------------------------------------------
In business-central, there is a fine grained access control configuration:

    ./business-central.war/WEB-INF/classes/workbench-policy.properties

So changing from:

    group.wb_for_developers=wb_everything, !wb_extensions

to:

    group.wb_for_developers=wb_everything, !wb_extensions, !wb_administration

would be a workaround (or a valid fix).
------------------------------------------------------------------

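An audit check for the setting discussed above, as an added example that is not part of the original report or the product's code: it parses `group.<name>=...` lines and lists groups that still expose `wb_administration`. It assumes, based on the workaround, that `wb_everything` includes the administration feature and that a leading `!` removes a feature; the `wb_for_analysts` line and the `allowed` parameter are hypothetical.

```python
import re
import sys

# Constructed sample input modelled on the lines quoted in this report.
# wb_for_analysts is a hypothetical group added to show a passing entry.
SAMPLE_POLICY = """\
# constructed sample, not the shipped file
group.wb_for_developers=wb_everything, !wb_extensions
group.wb_for_analysts = wb_everything, !wb_extensions, !wb_administration
"""

ADMIN_FEATURE = "wb_administration"  # feature name from the workaround
CATCH_ALL = "wb_everything"          # assumed to include ADMIN_FEATURE

GROUP_LINE = re.compile(r"^group\.([^=\s]+)\s*=\s*(.*)$")


def parse_groups(text):
    """Return {group: (granted, denied)} for every 'group.<name>=' line."""
    groups = {}
    for raw in text.splitlines():
        match = GROUP_LINE.match(raw.strip())
        if not match:
            continue  # comments, blanks and other keys are ignored
        granted, denied = set(), set()
        for item in (i.strip() for i in match.group(2).split(",")):
            if item.startswith("!"):
                denied.add(item[1:].strip())
            elif item:
                granted.add(item)
        groups[match.group(1)] = (granted, denied)
    return groups


def groups_exposing_admin(text, allowed=()):
    """Groups that grant administration without negating it.

    'allowed' names groups that are meant to keep administration access.
    """
    exposed = []
    for name, (granted, denied) in parse_groups(text).items():
        grants = ADMIN_FEATURE in granted or CATCH_ALL in granted
        if name not in allowed and grants and ADMIN_FEATURE not in denied:
            exposed.append(name)
    return sorted(exposed)


if __name__ == "__main__":
    # Pass the path to workbench-policy.properties, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POLICY
    for group in groups_exposing_admin(text):
        print(f"{group}: administration not denied")
```
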
Marking this as verified, but notice the following:

1. "The user should not see the administration menu" - fixed
2. "not able to see the repositories that are not allowed for his roles" - managing repository access by roles doesn't exist in bpms.
3. User with developer role can open file explorer of repositories, if he does these two steps:
   1. Open Project Authoring perspective
   2. Enter URL: <base_url>/business-central/kie-wb.html#FileExplorer

If point 3 is a problem for the customer, please file a separate BZ for this.