[CONNECTORS-1401] Documentum Authority does not properly exclude ACLs that include negative groups or users - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: ManifoldCF 2.5
Fix Version/s: ManifoldCF 2.7
Component/s: Documentum connector
Labels:
None

Description

The Documentum Authority currently returns a list of ACL names, which it gets using the following DQL query:

SELECT DISTINCT A.owner_name, A.object_name FROM dm_acl A WHERE
            A.object_name NOT LIKE 'dm_%' AND (
            (any (A.r_accessor_name IN ('" + strAccessToken + "', 'dm_world') AND r_accessor_permit>2)
            OR (any (A.r_accessor_name='dm_owner' AND A.r_accessor_permit>2) AND A.owner_name=" + quoteDQLString(strAccessToken) + ")
            OR (ANY (A.r_accessor_name in (SELECT G.group_name FROM dm_group G WHERE ANY G.i_all_users_names = " + quoteDQLString(strAccessToken) + ")
            AND r_accessor_permit>2)) )

The query should be modified to block all ACLs that have r_accessor_permit <= 2, since those are "denied" access.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

CONNECTORS-1401.patch
06/Apr/17 22:46
2 kB
Karl Wright

Activity

People

Assignee:: Karl Wright

Reporter:: Karl Wright

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 06/Apr/17 21:51

Updated:: 08/Apr/17 05:09

Resolved:: 08/Apr/17 05:09