IBM Support

IJ28494: QRADAR USERS WITHOUT "VIEW CUSTOM RULES" AND "MAINTAIN CUSTOM RULES" ACCESS CAN STILL SEE FULL LIST OF CUSTOM RULES UNDER LOG

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • QRadar users can access custom rules even when their access has
    not been granted to 'View Custom Rules' and 'Maintain Custom
    Rules' while searching in Log Activity.
    
    For Example:
    1. Create
    a user role without "View Custom Rules" and "Maintain Custom
    Rules" under Log Activity
    2. Create a user assigned as the new
    user role
    3. Log in to the QRadar Console as the new user
    4.
    Click the Log Activity tab.
    5. Create a New Search
    6. Click
    Search parameters > Parameter Custom rule [Indexed]
    7. Verify
    both Rule Group and rules could be viewed by user who should
    not have access.
    

Local fix

  • No Workaround available
    APARs identified with no workaround
    may require a software delivery to resolve. This reported issue
    will be considered for a future release and administrators can
    subscribe to the APAR to get updates by clicking on the
    Subscribe button on the right side of this page or ask a
    question about this APAR in our?Support
    Forums.
    https://ibm.biz/qradarforums
    

Problem summary

  • This issue was fixed in IBM Security QRadar Analyst Workflow App
     v1.9.16.
    

Problem conclusion

  • This issue was fixed in IBM Security QRadar Analyst Workflow App
     v1.9.16.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ28494

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    740

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-10-01

  • Closed date

    2021-04-26

  • Last modified date

    2021-04-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"740"}]

Document Information

Modified date:
27 April 2021