IBM Support

JR57236: IBM BPM REST API DOES NOT CONSIDER THE USERID WHEN USING SAVED SEARCHES

Direct links to fixes

bpm.8570.cf2017.03.delta.repository
Downloading IBM Business Process Manager V8.5.7 Cumulative Fix 2017.03

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Starting with IBM Business Process Manager (BPM) V8.5.7, you can
create multiple independent saved search definitions that have
the same name as long as you do not have access to the other
saved search. Using the deprecated REST API 'Task Instance Query
 Entity List' to run the saved search by name might incorrectly
cause a saved search defined by another user to run.

PRODUCTS AFFECTED
IBM Business Process Manager (BPM) Advanced
IBM BPM Standard
IBM BPM Express

Local fix

  • If the system was upgraded to IBM BPM 8.5.7 from a previous IBM
BPM version and client applications use the deprecated REST API
'Task Instance Query Entity List', you can circumvent this
problem by reinstalling the Saved Search process application
from the previous version of IBM BPM and continue to use the
Saved Search editor in the Process Admin Console instead of the
Saved Search editor in Process Portal to manage your saved
searches.

For new V8.5.7 systems, use the new Saved Search REST APIs only.

Problem summary

  • The Saved Search editor in Responsive Process Portal and
corresponding Saved Search REST APIs support defining and
running saved searches that were created by different users but
have the same name. The deprecated REST API used by Heritage
Process Portal to run saved searches does not differentiate
between users and always uses the last one saved.

Problem conclusion

  • A fix will be included in IBM BPM V8.5.7 cumulative fix 2017.03
that ensures that the deprecated Saved Search REST APIs runs
only saved searches that the respective user has access to as
well.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR57236
    • 

  • Reported component name
    BPM ADVANCED
    • 

  • Reported component ID
    5725C9400
    • 

  • Reported release
    857
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-01-09
    • 

  • Closed date
    2017-02-27
    • 

  • Last modified date
    2017-02-27
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    BPM STANDARD
    • 

  • Fixed component ID
    5725C9500
    • 



Applicable component levels


    

  • R857  PSY
       UP
    • 








      
          
                    

          

          [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"857","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
          

                    

        
        

        

      


      


        

            

            
Document Information


            

            


                        

            Modified date:
            

            27 February 2017
            

            
            
          

        


        

        


      


    


  





    

  



  
    
      

      
Page Feedback