manifoldcf-user mailing list archives

From Sharnel Merdeck Pereira <spere...@worldbankgroup.org>
Subject ManifoldCf Documentum Negative ACL
Date Wed, 05 Apr 2017 17:40:19 GMT
Hi,

We are having issues with authorization when there are negative ACLs.

I have included an example below:

· Indexing done using ManifoldCF v2.5, Solr v5.5.2

· Indexed document with r_object_id 091e86d986f6a044

· Document has ACL idocs_inst_540278_O_acl

· ACL idocs_inst_540278_O_acl has a negative group added to it (r_accessor_name: emucw; r_accessor_permit: 1)

· On indexing we see the document has ACL idocs_inst_540278_O_acl in allowed_token

· User 000470248 has been added to group emucw

· At query time we get the user having ACL idocs_inst_540278_O_acl, and the user is able to see the document. Ideally there should not be access, as the negative group should take priority and should not be available in the user ACL.



I have attached screenshots and query logs:

· User ACLs at query time

[cid:image001.png@01D2AE12.29C7F3E0]

· Query to fetch user ACLs in code:

    SELECT DISTINCT A.owner_name, A.object_name FROM dm_acl A WHERE
        A.object_name NOT LIKE 'dm_%' AND (
        (any (A.r_accessor_name IN ('" + strAccessToken + "', 'dm_world') AND r_accessor_permit>2)
        OR (any (A.r_accessor_name='dm_owner' AND A.r_accessor_permit>2) AND A.owner_name=" + quoteDQLString(strAccessToken) + ")
        OR (ANY (A.r_accessor_name in (SELECT G.group_name FROM dm_group G WHERE ANY G.i_all_users_names = " + quoteDQLString(strAccessToken) + ")
        AND r_accessor_permit>2)) )

· Document values

[cid:image002.png@01D2AE12.29C7F3E0]

Kindly let me know if more details are required. How do I resolve the above issue?


Thanks
Sharnel
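
The behaviour reported in the message above, modelled as an added example (not ManifoldCF's or the poster's code): each branch of the quoted query only looks for an entry with r_accessor_permit > 2, so a permit-1 entry for one of the user's groups never removes the ACL from the result. The dm_world entry, the owner names, the second ACL and the second user id are constructed assumptions, and `deny_first_tokens` is the precedence the post asks for, not documented Documentum or ManifoldCF behaviour.

```python
# Constructed dm_acl rows: entries are (r_accessor_name, r_accessor_permit).
# Only the ACL name, group emucw (permit 1) and user id come from the post;
# the dm_world entry, owner names and the second ACL are assumptions.
ACLS = [
    {"owner_name": "dm_dbo", "object_name": "idocs_inst_540278_O_acl",
     "entries": [("dm_world", 3), ("emucw", 1)]},
    {"owner_name": "dm_dbo", "object_name": "dm_example_acl",
     "entries": [("dm_world", 7)]},
]
GROUPS = {"emucw": {"000470248"}}  # group_name -> i_all_users_names


def groups_of(user, groups):
    return {name for name, members in groups.items() if user in members}


def query_tokens(user, acls, groups):
    """ACL names the quoted query selects for this access token."""
    member_of = groups_of(user, groups)
    selected = []
    for acl in acls:
        name, entries = acl["object_name"], acl["entries"]
        # NOT LIKE 'dm_%': '_' matches exactly one character.
        if name.startswith("dm") and len(name) >= 3:
            continue
        direct = any(n in (user, "dm_world") and p > 2 for n, p in entries)
        owner = (acl["owner_name"] == user
                 and any(n == "dm_owner" and p > 2 for n, p in entries))
        group = any(n in member_of and p > 2 for n, p in entries)
        if direct or owner or group:
            selected.append(name)
    return selected


def deny_first_tokens(user, acls, groups):
    """query_tokens minus ACLs where the user, or a group the user is in,
    has a permit-1 (None) entry: the precedence the post asks for."""
    blocked_for = {user} | groups_of(user, groups)
    denied = {acl["object_name"] for acl in acls
              if any(n in blocked_for and p == 1 for n, p in acl["entries"])}
    return [t for t in query_tokens(user, acls, groups) if t not in denied]


if __name__ == "__main__":
    for uid in ("000470248", "000000001"):  # second id is constructed
        print(uid, query_tokens(uid, ACLS, GROUPS),
              deny_first_tokens(uid, ACLS, GROUPS))
```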

