IBM Support

JR46780: MODIFYING PARTICIPANTGROUP MEMBERSHIP IN PROCESSADMIN CONSOLE, ARTIFACTS IN TOOLKITS MAY BE EXPOSED TO THE WRONG GROUP OF USERS

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In certain cases, modifying the ParticipantGroup/Team
    membership at runtime is not accurate for toolkit artifacts
    such as BPDs, HumanServices, EPVs, etc.
    It's possible to modify the group membership in the ProcessAdmin
    console for a particular ProcessApp snapshot, changing the group
    membership for all running and future instances.
    
    For ParticipantGroups/Teams modeled in a toolkit, the group
    membership is not accurately updated.
    This leads to situations where a BPD, EPV, etc.  are exposed to
    the wrong group of users.  Users may not see artifacts they're
    authorized too, or they may see artifacts they're not
    authorized too.
    

Local fix

Problem summary

  • BPM supports modifing the Role Bindings for ParticipantGroups at
    runtime, using the ProcessAdmin console.  Unfortunately, adding
    or removing users from a ParticipantGroup is not applied to all
    artifacts (such as BPDs, EPVs, etc.) exposed to this
    ParticipantGroup.  This may occur when a ParticipantGroup is
    modeled in a toolkit and exposed to artifacts in the same
    toolkit.  When a toolkit dependency is added to the ProcessApp,
    BPM incorrectly creates multiple internal groups for this one
    ParticipantGroup.  When the ParticipantGroup membership is
    modified at runtime, only one of the internal groups are update.
     When this occurs, users may see artifacts they are not
    authorized too, or may not be authorized when they should be.
    

Problem conclusion

  • When a toolkit dependency is added, a single internal group is
    created for each ParticipantGroup.  When the ParticipantGroup
    membership is updated at runtime, the changes are valid for all
    artifacts exposed to this ParticipantGroup, regardless of where
    it's modeled.
    
    iFix available on top V751 FP1
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR46780

  • Reported component name

    BPM ADVANCED

  • Reported component ID

    5725C9400

  • Reported release

    751

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-05-29

  • Closed date

    2013-06-27

  • Last modified date

    2013-06-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    JR46791 JR46792

Fix information

  • Fixed component name

    BPM ADVANCED

  • Fixed component ID

    5725C9400

Applicable component levels

  • R751 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.1","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
27 June 2013