IC76893: UNABLE TO DELETE SUBDIRECTORIES IN LOCAL:/// BASED ON ROLE-BASED MANAGEMENT SETTINGS.

APAR status

• Closed as program error.

Error description

• Permission is
  denied when trying to delete a subdirectory that is defined
  under the local:/// directory.
  
  The user group's access profile is defined with the following
  settings:
  
    */*/*?Access=r
    */TestDomain/device/create-dir?Name=.*&Directory=.*&Access=x
    */TestDomain/device/remove-dir?Name=.*&Directory=.*&Access=x
    */TestDomain/file/local?Access=r+w+a+d+x
  
  The above settings should allow the following:
  
    - Read privilege to all objects on the box.
    - Privilege to create subdirectories under the local folder in
      the TestDomain.
    - Privilege to delete subdirectories under the local folder in
      the TestDomain.
    - Read, write, add, delete and execute privileges to all files
      under the local directory in the TestDomain.
  
  However, attempts to delete a subdirectory defined under local
  results in a permission denied message.
  

Local fix

• A workaround for the delete folder issue is to change the
  following access profile setting from:
  
    */*/*?Access=r
  
  to:
  
    */*/*?Access=r+x
  
  However, this grants execute privileges to all objects on the
  appliance.
  

Problem summary

• User is unable to delete a subdirectory that is defined under
  local:/// even though the user belongs to a user group with
  access settings that permits delete of directories under the
  local folder in the specified domain.
  

Problem conclusion

• The fix is available in 3.8.0.14, 3.8.1.14, 3.8.2.5, 4.0.1.2
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  DATAPOWER

• Fixed component ID

  DP1234567

Applicable component levels

• R380 PSY

     UP

• R381 PSY

     UP

• R382 PSY

     UP

• R401 PSY

     UP