APAR status
Closed as program error.
Error description
DataBean-based REST calls might fail with authentication or authorization issues. For example, if you login as an administrator and you attempt to list eligible contracts for another user, you might encounter a "403 _ERR_USER_AUTHORITY" error. The DataBean is activated by using a generic session, which fails the access control check.
Local fix
Problem summary
USERS AFFECTED: WebSphere Commerce Version 7 administrators on Feature Pack 8 who need to use REST APIs with the forUser or forUserId parameter. PROBLEM ABSTRACT: forUser does not work for DataBean-based REST API BUSINESS IMPACT: Administrators, such as CSRs, cannot call some DataBean-based REST APIs. RECOMMENDATION:
Problem conclusion
Resolved the session-related issue to ensure that access control check is passed.
Temporary fix
Comments
APAR Information
APAR number
JR55534
Reported component name
WC BUS EDITION
Reported component ID
5724I3800
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-03-15
Closed date
2016-03-25
Last modified date
2016-03-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WC BUS EDITION
Fixed component ID
5724I3800
Applicable component levels
R800 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSYL","label":"WebSphere Commerce Enterprise"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]
Document Information
Modified date:
12 December 2021