IBM Support

IJ16943: QRADAR USER CAN ACCESS CUSTOM RULE INFORMATION WHEN NOT GIVEN ACCESS TO 'VIEW CUSTOM RULES' AND 'MAINTAIN CUSTOM RULES'

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • It has been identified that QRadar users can access custom
    rules even when their access has not been granted to 'View
    Custom Rules' and 'Maintain Custom Rules'.
    For example:
    1. Have a user with disabled options for "View Custom Rules"
    and "Maintain Custom Rules".
    2. Login with that user.  Navigate to the Offense tab.
    3. Click Offense search.
    Results:  The User cannot open the rules definitions or view
    the rules summary page but the user can view all the rule
    Groups and list all available rules on the system.
    The names of the rules can be quite informative and specific
    for a particular domain and tenancy and should not be exposed to
    a user with this specific role settings.
    

Local fix

  • No workaround available.
    

Problem summary

  • This issue was fixed in QRadar QRM QVM release of 7.3.3 GA.
    

Problem conclusion

  • This issue was fixed in QRadar QRM QVM release of 7.3.3 GA.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ16943

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    731

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-06-17

  • Closed date

    2019-12-06

  • Last modified date

    2019-12-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"731","Edition":""}]

Document Information

Modified date:
06 December 2019