APAR status
Closed as program error.
Error description
Software : TPAE 7.1.1.6 & TSRM 7.2.0.1 Platform : Windows 2008 Server Database : SQL Server 2008 WAS : Websphere 6.1.0.23 ---------------------------------------------------------------- In order to be able to delete an attachment in an SR if the user doesn't have the right to delete an SR, we need to put a false condition on the relation SIGOPTION (in security groups). The problem is that the user still sees the option to delete the SR in the select action menu. ---------------------------------------------------------------- Step by Step used by L2 Support to reproduce the problem: --------------------------------------------------------- 1. Create a FALSE expression. The FALSE expression settings:1=0 2. Create a group called mydept having USER2 as one of the users for this group. For the service application (or a copy of it), set the Delete Service Request grant access to having FALSE condition enabled and all options enabled (all 68 options). Save. Log in as USER2. Open the service requests application. Open any SR ticket. The Delete Service Request option is still shown under the Select Action menu. User can still attach files/delete attached files and delete related records without being able to delete the SR ticket itself. This is what the customer wanted to do. A doc is attached in IssueDB
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: n/a * **************************************************************** * PROBLEM DESCRIPTION: Software : TPAE 7.1.1.6 & TSRM 7.2.0.1 * * * * Platform : Windows 2008 Server * * * * Database : SQL Server 2008 * * * * WAS : Websphere 6.1.0.23 * * * * --------------------------------------- * * ------------------------- * * * * In order to be able to delete an * * attachment in an SR if the user * * * * doesn't have the right to delete an * * SR, we need to put a false * * * * condition on the relation SIGOPTION (in * * security groups). * * * * The problem is that the user still sees * * the option to delete the * * * * SR in * * * * the select action menu. * * * * --------------------------------------- * * ------------------------- * * * * Step by Step used by L2 Support to * * reproduce the problem: * * * * --------------------------------------- * * ------------------ * * * * 1. Create a FALSE expression. * * * * The FALSE expression settings:1=0 * * * * 2. Create a group called mydept having * * USER2 as one of the users * * * * for this group. For the service * * application (or a copy of it), * * * * set the Delete Service Request grant * * access to having FALSE * * * * condition enabled and all options * * enabled (all 68 options). * * * * Save. * * * * Log in as USER2. Open the service * * requests application. Open * * * * any SR ticket. The Delete Service * * Request option is still shown * * * * under the Select Action menu. User can * * still attach files/delete * * * * attached files and delete related * * records without being able to * * * * delete the SR ticket itself. This is * * what the customer wanted to * * * * do. * * * * A doc is attached in IssueDB * * * * LOCAL FIX: * * * * N/A * * * **************************************************************** * RECOMMENDATION: * * * * * * * **************************************************************** DELETE SERVICE REQUEST OPTION IS SHOWN UNDER SR
Problem conclusion
The behavior described can't be reproduced - the Delete Service Request action menu doesn't show when the user's DLETE option has FALSE condition associated with it. However, I was able to reproduce in 7.1.1.6 the behavior where if the user has no DELETE privilege to SR, s/he can't delete attachments. This later problem was fixed in 7117. The fix for this APAR is contained in the following maintenance package: | release\fix pack | REL 7.1.1.8 - BS
Temporary fix
Comments
APAR Information
APAR number
IZ86565
Reported component name
SECURITY
Reported component ID
5724R46SC
Reported release
711
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2010-10-12
Closed date
2010-10-14
Last modified date
2010-10-14
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
MAXIMO
Fix information
Fixed component name
SECURITY
Fixed component ID
5724R46SC
Applicable component levels
R711 PSY
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCHPNP","label":"Security Groups"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"711","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
14 October 2010