IBM Support

PH24972: TFUI. MY TASKS TAB LIST OBJECTS FOR WHICH THE USER DOES NOT HAVEACCESS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Description:
    In the Task Focused UI, when a user is selected in a workflow to
    be the assignee, through a group or directly, the My Tasks tab
    shows all the objects even though the user does not have neither
    read access to that object.
    
    Workaround:
    Not found
    
    Prerequisites:
    A)	OpenPagesAdministrator and orm users configured by default
    Note: orm user is a sample user installed by default in
    OpenPages systems and it use a role template with no permissions
    over Audit object.
    
    B)	Modify Modules Master ? All Permissions role
    1.	Log into OpenPages as OpenPagesAdministrator
    2.	Switch to Standard UI
    3.	At the navigation menu bar, click Administration > Role
    Templates
    4.	Click Modules Master ? All Permissions
    5.	Under Role Permissions section click Edit
    6.	Tick Login to Task Focused UI and then click Save
    
    C)	Create test data
    1.	Log into OpenPages as OpenPagesAdministrator
    2.	Switch to Standard UI
    3.	On the top right, click Add New and select Business Entity
    4.	Enter BE01 as the name, fill in mandatory fields, then click
    save
    5.	On the top right, click Add New and select Auditable Entity
    6.	Select BE01 as the parent, enter AE01 as the name, fill in
    mandatory fields, then click save
    7.	On the top right, click Add New and select Audit
    8.	Select AE01 as the parent, enter Audit01 as the name, fill in
    mandatory fields, then click save
    
    D)	Create a workflow
    1.	Log into OpenPages as OpenPagesAdministrator
    2.	On the top right, click the cogwheel icon and select Manage
    Workflows
    3.	Click Add New
    4.	Enter a name AuditWF, select Audit for the Object Type, set
    to Manual Start and click Add
    5.	On the left palette, drag a Stage to the canvas, name it
    FIRST and click Add.
    6.	On the left palette, drag another Stage to the canvas, name
    it End and click Add.
    7.	Click the End stage, and on the properties panel, change Type
    to End
    8.	Connect the stages together from Start to FIRST, and FIRST to
    End. Name each action as you prefer and click Add
    9.	Click the arrow (Action) between Start and FIRST, and check
    Notify Assignees is True
    10.	Click the FIRST stage, expand Assignees and Subscribers
    section and click Add Assignee
    11.	Select ORM User and click Done
    12.	Click on Publish
    
    Steps to Reproduce:
    1.	Log into OpenPages as OpenPagesAdministrator
    2.	At left-upper side, click Primary Menu icon > Audit
    Management > Audits
    3.	Search for Audit01 created in the prerequisite section and
    click on it
    4.	At right-upper side, click Action > Start AuditWF
    5.	Click Continue and close tab
    6.	Log into OpenPages as orm
    7.	Under Home tab, click on My Tasks tab
    8.	Notice the user has Audit01 listed
    9.	Click on Audit01 and notice ?You do not have permissions to
    read an object required for this operation? error message is
    shown
    
    Expected Results:
    My Tasks tab should not list objects for which the user does not
    have at least read permissions.
    
    Actual Results:
    My Tasks tab is listing all the objects without checking user
    permissions.
    
    Error Message:
    OP-03003 You do not have permissions to read an object required
    for this operation
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * OpenPages Users                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * TFUI. MY TASKS TAB LIST OBJECTS FOR WHICH THE USER DOES NOT  *
    * HAVE ACCESS                                                  *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Customers should download OpenPages 8.2 from Passport        *
    * Advantage. See the following document for details on         *
    * obtaining OpenPages 8.2:                                     *
    * https://www.ibm.com/support/pages/downloading-ibm-openpages- *
    * watson-version-82-passport-advantage                         *
    ****************************************************************
    

Problem conclusion

  • The UI will hide resource name if user does not have access to
    resource.  It also will display a message saying you do not have
    access.
    
    Customers should download OpenPages 8.2 from Passport Advantage.
    See the following document for details on obtaining OpenPages
    8.2:
    https://www.ibm.com/support/pages/downloading-ibm-openpages-wats
    on-version-82-passport-advantage
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH24972

  • Reported component name

    OPENPAGES GRC

  • Reported component ID

    5725D5100

  • Reported release

    810

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-04-30

  • Closed date

    2020-06-22

  • Last modified date

    2020-06-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    OPENPAGES GRC

  • Fixed component ID

    5725D5100

Applicable component levels

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSFUEU","label":"IBM OpenPages with Watson"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"810","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
23 June 2020