manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CONNECTORS-1401) Documentum Authority does not properly exclude ACLs that include negative groups or users
Date Thu, 06 Apr 2017 21:51:41 GMT
Karl Wright created CONNECTORS-1401:
---------------------------------------

             Summary: Documentum Authority does not properly exclude ACLs that include negative
groups or users
                 Key: CONNECTORS-1401
                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1401
             Project: ManifoldCF
          Issue Type: Bug
          Components: Documentum connector
    Affects Versions: ManifoldCF 2.5
            Reporter: Karl Wright
            Assignee: Karl Wright
             Fix For: ManifoldCF 2.7


The Documentum Authority currently returns a list of ACL names, which it gets using the following
DQL query:

{code}
ELECT DISTINCT A.owner_name, A.object_name FROM dm_acl A WHERE
            A.object_name NOT LIKE 'dm_%' AND (
            (any (A.r_accessor_name IN ('" + strAccessToken + "', 'dm_world') AND r_accessor_permit>2)
            OR (any (A.r_accessor_name='dm_owner' AND A.r_accessor_permit>2) AND A.owner_name="
+ quoteDQLString(strAccessToken) + ")
            OR (ANY (A.r_accessor_name in (SELECT G.group_name FROM dm_group G WHERE ANY G.i_all_users_names
= " + quoteDQLString(strAccessToken) + ")
            AND r_accessor_permit>2)) )
{code}

The query should be modified to block all ACLs that have r_accessor_permit <= 2, since
those are "denied" access.




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message