IBM Support

PK58543: CONTENT CAN BE MOVED/COPIED TO A LIBRARY WHEN USERS DO NOT HAVE EDITOR ACCESS TO EITHER THE LIBRARY OR THE RESOURCE TYPES.

 

APAR status

  • Closed as program error.

Error description

  • When a user have any access that is lesser that Editor to a
library and have no access to the wcm resource types, it is
possible for
that user to move/copy content from another library to this
library even thought it is not possible for this user to create
any
content using the UI.

Local fix

  • The security checks to display a list of libraries does not take
into account the users access to the resource type (eg Content,
taxonomy, workflow etc), only access to the library is
considered. This means a user can have contributor access to the
library and
no access to any of the wcm resource types and still be able to
move/copy content to this library when they should not be able
to.

Problem summary

  • Content can be moved/copied to a library when users do not have
editor access to either the library or the resource types.

When a user have any access that is lesser that Editor to a
library and have no access to the wcm resource types, it is
possible for
that user to move/copy content from another library to this
library even thought it is not possible for this user to create
any
content using the UI.

Problem conclusion

  • The security checks to display a list of libraries does not take
into account the users access to the resource type (eg Content,
taxonomy, workflow etc), only access to the library is
considered. This means a user can have contributor access to the
library and
no access to any of the wcm resource types and still be able to
move/copy content to this library when they should not be able
to.


An interim fix is available for this APAR from Fix Central at:

http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde
r?brandid=2&productid=Workplace%20Web%20Content%20Management&fix
es=6.0.1.2-WCM-PK58543

You will need to cut/paste the entire URL into a browser to
resolve the address.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PK58543
    • 

  • Reported component name
    WRKPLC WEB CON
    • 

  • Reported component ID
    5724I2900
    • 

  • Reported release
    60F
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2007-12-20
    • 

  • Closed date
    2007-12-20
    • 

  • Last modified date
    2008-02-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WRKPLC WEB CON
    • 

  • Fixed component ID
    5724I2900
    • 



Applicable component levels


    

  • R60F  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":null,"label":null},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.1.2","Edition":"","Line of Business":{"code":null,"label":null}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            10 September 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback