IBM Support

JR55299: AFTER MOVING TO 8.5.6, ASSETS REST API REQUIRES ADMIN RIGHTS TO EXECUTE ON A PROCESS SERVER

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • After moving to 8.5.6, assets REST API requires admin rights to
    execute on a Process Server.
    
    GET /rest/bpm/wle/v1/assets
    
    On Process Center, it returns assets that the user has "read"
    access to as mentioned in the infocenter.
    
    Although on Process Server, this rest command can be executed
    but will not return any results unless the user is a member of
    the tw_admins group. There is not a method for setting read
    access to a process app on the Process Server.
    
    Prior to 856, the API only required an authenicated user for it
    to be used
    

Local fix

  • Execute the API with a user that is a member of the "tw_admins"
    group
    

Problem summary

  • In an IBM Process Center environment, the process application's
    access control list (ACL) authorization is in place for the
    /rest/bpm/wle/v1/assets REST API. On a runtime IBM Process
    Server environment, the REST API is accessible by members of the
     tw_admin group only.
    
    PRODUCTS AFFECTED
    IBM BPM Advanced
    IBM BPM Standard
    IBM BPM Express
    

Problem conclusion

  • A configurable property,
    <enforce-Authorization-Check-For-Ps-Model-Data>, will be
    incorporated into a later IBM BPM release to allow non tw_admin
    users to access the API.
    

Temporary fix

  • Invoke the REST API with a user that is part of the tw_admin
    group.
    

Comments

APAR Information

  • APAR number

    JR55299

  • Reported component name

    BPM ADVANCED

  • Reported component ID

    5725C9400

  • Reported release

    856

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-02-11

  • Closed date

    2016-04-06

  • Last modified date

    2016-04-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM ADVANCED

  • Fixed component ID

    5725C9400

Applicable component levels

  • R857 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"856","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
06 April 2016