Starting to use Roles/Orgs and it seems that under the Reports menu, all Summaries are visible to an org_admin even if the user has insufficient access to them. Queries however, are not visible. This doesn't seem intentional as attempting to run any of these Summaries will flag an error and log the following notice:
Status: HTTP/1.1 403 ForbiddenSummary: User insufficient access. (User:8, Collection:summaries, Action:execute, ID:1).Detail: A user attempted to access a resource for which they do not have authorisation (sic)
EDIT: TIL that authorisation is actually valid spelling and common in British english.
Just and update reply. There seems to be a logic issue here in code.
I'll log an internal bug ticket, work through it and advise.
Final update. This has been written and committed to the code-base. It will be in our next release (at the stage, 3.3.0).
Roles are the default to community edition. org_admin1 is org_admin to subOrg.
All summaries are assigned to Default Org
If its of any help, attached the the debug portion of the summaries page under org_admin1
I'm having trouble replicating this.
The user org_admin1, what roles does it have?
Those roles - what permissions on Summaries do they have?
Prod is Windows OA 2.3.3 with LDAP AuthN and OA AuthZ. Test is 3.2.2 on Windows with OA for both AuthN&Z
Both behave the same.
Which version of Open-AudIT are you using, and is it installed on Windows or Linux? Also, what is your authentication mechanism (i.e. htpasswd, open-audit, LDAP, etc)?
Powered by a free Atlassian Confluence Open Source Project License granted to Opmantek. Evaluate Confluence today.