IBM Support

PM68487: Broadcast enables user to use unauthorized server authentication


APAR status

  • Closed as program error.

Error description

  • Error description:
    
    When the 'broadcast' option is set on a step, the user can use
    an unauthorized server authentication.
    
    A project has been configured to use a selector and class at the
    same access group level, such as Operator. When this selector is
    configured to use a server auth that belongs to a higher-level
    access group, such as Build Engineer, the step fails because the
    Build Forge user does not have enough privilege to access the
    server auth profile.
    
    However, if the step is configured to enable broadcast, the
    Build Forge user can access the server auth profile regardless
    of privilege.
    
    
    Steps to reproduce:
    
    Assign access groups as below:
    
    selector: Access Group = Operator
    server: Access Group = Operator
    server auth: Access Group = Build Engineer
    project: Access Group = Operator
    class: Access Group = Operator
    
    Create 2 steps in the project, the 1st with Broadcast set to yes
    and the 2nd with Broadcast set to no.
    
    Then the 1st step succeeds while the 2nd one fails.
    
    Workaround:
    Set access group to server and server auth
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Permission and accessLevel are evaluated according to the
    step parameter. But when the step is a broadcast step, no
    "step" is passed to the Server new method, and the current
    code treats this case as having the permission.
    
      Fixed: Pass the "step" to Server so that the permission
    and accessLevel can be evaluated.
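
The fail-open pattern described in the problem summary, as an added illustration that is not Build Forge code: the function names, the numeric ranking of access groups and the `pass_step_on_broadcast` switch are assumptions made for this model. It also shows a fail-closed variant of the check, which goes beyond the fix stated above.

```python
# Illustrative model only; not Build Forge code. All names are hypothetical.
from dataclasses import dataclass
from typing import Callable, Optional

# Assumed ranking of access groups (constructed): higher number = more privilege.
LEVEL = {"Operator": 1, "Build Engineer": 2}

@dataclass
class Step:
    user_group: str   # access group of the user running the step
    broadcast: bool

@dataclass
class ServerAuth:
    access_group: str  # access group required to use this server auth

def check_fail_open(auth: ServerAuth, step: Optional[Step]) -> bool:
    """Pattern from the APAR: with no step there is nothing to compare, so access is granted."""
    if step is None:
        return True
    return LEVEL[step.user_group] >= LEVEL[auth.access_group]

def check_fail_closed(auth: ServerAuth, step: Optional[Step]) -> bool:
    """Hardened variant: a missing step is a denial, never an implicit grant."""
    if step is None:
        return False
    return LEVEL[step.user_group] >= LEVEL[auth.access_group]

def run_step(step: Step, auth: ServerAuth,
             check: Callable[[ServerAuth, Optional[Step]], bool],
             pass_step_on_broadcast: bool) -> bool:
    """Model of the caller: before the fix, the broadcast path passed no step to the check."""
    ctx = step if (not step.broadcast or pass_step_on_broadcast) else None
    return check(auth, ctx)

# Constructed sample mirroring the reproduction steps above.
AUTH = ServerAuth("Build Engineer")
BROADCAST_STEP = Step("Operator", broadcast=True)
NORMAL_STEP = Step("Operator", broadcast=False)

if __name__ == "__main__":
    print("before fix, broadcast:", run_step(BROADCAST_STEP, AUTH, check_fail_open, False))
    print("before fix, normal:   ", run_step(NORMAL_STEP, AUTH, check_fail_open, False))
    print("after fix, broadcast: ", run_step(BROADCAST_STEP, AUTH, check_fail_open, True))
    print("fail-closed, no step: ", run_step(BROADCAST_STEP, AUTH, check_fail_closed, False))
```

Passing the step restores the comparison for broadcast steps; the fail-closed check additionally denies any future caller that omits the step.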
    

Problem conclusion

  • Fixed by correct permission and accessLevel evaluation
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM68487

  • Reported component name

    BUILD FORGE SE

  • Reported component ID

    5724S2706

  • Reported release

    713

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-07-10

  • Closed date

    2012-09-28

  • Last modified date

    2012-09-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BUILD FORGE SE

  • Fixed component ID

    5724S2706

Applicable component levels

  • R713 PSN

       UP


Document Information

Modified date:
29 October 2021