IBM Support

JR46780: MODIFYING PARTICIPANTGROUP MEMBERSHIP IN PROCESSADMIN CONSOLE, ARTIFACTS IN TOOLKITS MAY BE EXPOSED TO THE WRONG GROUP OF USERS

Fixes are available

Version 8.0.1 Fix Pack 2 for the IBM Business Process Manager products
Version 8.5.0 Fix Pack 1 for the IBM Business Process Manager products
Version 7.5.1 Fix Pack 2 for the IBM Business Process Manager products
Version 8.5 Refresh Pack 5 for the IBM Business Process Manager products

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In certain cases, modifying the ParticipantGroup/Team
membership at runtime is not accurate for toolkit artifacts
such as BPDs, HumanServices, EPVs, etc.
It's possible to modify the group membership in the ProcessAdmin
console for a particular ProcessApp snapshot, changing the group
membership for all running and future instances.

For ParticipantGroups/Teams modeled in a toolkit, the group
membership is not accurately updated.
This leads to situations where a BPD, EPV, etc.  are exposed to
the wrong group of users.  Users may not see artifacts they're
authorized too, or they may see artifacts they're not
authorized too.

Local fix

  • 



Problem summary


    

  • BPM supports modifing the Role Bindings for ParticipantGroups at
runtime, using the ProcessAdmin console.  Unfortunately, adding
or removing users from a ParticipantGroup is not applied to all
artifacts (such as BPDs, EPVs, etc.) exposed to this
ParticipantGroup.  This may occur when a ParticipantGroup is
modeled in a toolkit and exposed to artifacts in the same
toolkit.  When a toolkit dependency is added to the ProcessApp,
BPM incorrectly creates multiple internal groups for this one
ParticipantGroup.  When the ParticipantGroup membership is
modified at runtime, only one of the internal groups are update.
 When this occurs, users may see artifacts they are not
authorized too, or may not be authorized when they should be.

    



Problem conclusion


    

  • When a toolkit dependency is added, a single internal group is
created for each ParticipantGroup.  When the ParticipantGroup
membership is updated at runtime, the changes are valid for all
artifacts exposed to this ParticipantGroup, regardless of where
it's modeled.

iFix available on top V751 FP1

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR46780
    • 

  • Reported component name
    BPM ADVANCED
    • 

  • Reported component ID
    5725C9400
    • 

  • Reported release
    751
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-05-29
    • 

  • Closed date
    2013-06-27
    • 

  • Last modified date
    2013-06-27
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
JR46791 JR46792
    

    • 



Fix information


    

  • Fixed component name
    BPM ADVANCED
    • 

  • Fixed component ID
    5725C9400
    • 



Applicable component levels


    

  • R751  PSY
       UP
    • 








      
          
                    

          

          [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.1","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
          

                    

        
        

        

      


      


        

            

            
Document Information


            

            


                        

            Modified date:
            

            27 June 2013
            

            
            
          

        


        

        


      


    


  





    

  



  
    
      

      
Page Feedback