IBM Support

PH50755: CM.SECURITYQUERYREQUIRESREAD DOES NOT WORK WITH OIDC

APAR status

  • Closed as documentation error.

Error description

  • The CM.SECURITYQUERYREQUIRESREAD property does not work with
    OIDC namespaces. When set to true, users that do not have READ
    permissions on other users should not see users when selecting
    or searching for users using "Search Directory" when sending a
    report by email, or in other parts of the UI.
    
    This works for namespace types like LDAP, but for OIDC
    namespaces it has no effect. Users in an OIDC namespace can still
    see or search for users they do not have READ permissions on.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * CA users                                                     *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * The CM.SECURITYQUERYREQUIRESREAD property does not work with *
    * OIDC namespaces. When set to true, users that do not have    *
    * READ permissions on other users should not see users when    *
    * selecting or searching for users using "Search Directory"    *
    * when sending a report by email, or in other parts of the UI. *
    *                                                              *
    * This works for namespace types like LDAP, but for OIDC       *
    * namespaces it has no effect. Users in an OIDC namespace can  *
    * still see or search for users they do not have READ          *
    * permissions on.                                              *
    *                                                              *
    * Test Case Steps:                                             *
    *                                                              *
    * 1. Set advanced settings                                     *
    * 2. Set Deny Read on LDAP namespace                           *
    * 3. Go to Manage credentials                                  *
    * 4. Browse in LDAP                                            *
    * 5. Nothing is returned                                       *
    * 6. Do the above for OIDC                                     *
    * 7. List of users is returned.                                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PH50755

  • Reported component name

    COGNOS ANALYTIC

  • Reported component ID

    5724W12XX

  • Reported release

    B0A

  • Status

    CLOSED DOC

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2022-11-08

  • Closed date

    2023-03-08

  • Last modified date

    2023-03-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

Document Information

Modified date:
08 March 2023