IBM Support

HD27694: ZONEEDIT : REMOVE ZONE IS POSSIBLE EVEN IF REQUIRED PRIVILEGES ARE REVOKED

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Abstract:
ZONEEDIT : REMOVE ZONE IS POSSIBLE EVEN IF
REQUIRED PRIVILEGES ARE REVOKED
Prerequisite:
Create a new context in P&O and revoke
ENOVIA_VPMZone.RemoveZone privilege for it.
Scenario:
1. Login Login with the above created P&O context.
2. Create a PRC and send it to Product Editor.
3. Select PRC and send it to Zone Editor.
4. Create a new Zone.
5. Save.
6. Select the zone, right click and select "Remove
Zone".
Result: Zone is successfully removed,  even if the
required privilege to do so is revoked in P&O.
The list of PRIVILEGES for customer's context:
================================
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.LO
GIN
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS_GROUP=
PeopleClientGlobal
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMZone.Modify;GLOBAL;MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMDocumentRevision.Read;GLOBAL;MyOrg
Data
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMDocumentRevision.Read;COND;
TemplateOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMProductClass.OpenProductClass;GLOBAL;
MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMProductRootClass.AddChildDoc;GLOBAL;
MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Create
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Delete;GLOBAL;MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Delete;COND;TemplateOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.LoadContext;GLOBAL;MyOrgDat
a
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.LoadContext;COND;TemplateOr
gData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Modify;GLOBAL;MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Modify;COND;TemplateOrgData
================================
The result on server trace from the customer is :
VpmSCManager
CATVpmSCManager::CheckDataAccess
(obj,RegMeth)() {
VpmSCManager : ---------------------------------------
------
VpmSCManager : CATVpmSCManager::CheckState
() {
VpmSCManager : : CheckState(Login OK) / Login
OK : Ok
VpmSCManager : }
VpmSCManager : Class : ENOVIA_VPMZone [cia
productIdentifier8989]
VpmSCManager : Method : RemoveZone
VpmSCManager : - secured
VpmSCManager : - conditional
VpmSCManager : Trying on attributes ...
VpmSCManager : - user =
VpmSCManager : - org =
VpmSCManager : Security process :
ENOVIA_VPMZone.RemoveZone
VpmSCManager :
CATVpmSCManager::CheckDataAccess
(A.F.C,user,org)() {
VpmSCManager : : Process:
ENOVIA_VPMZone.RemoveZone
VpmSCManager : : User : V085703
VpmSCManager : : Org : MAIN
VpmSCManager : :
CATVpmSCManager::CheckState() {
VpmSCManager : : : CheckState(Login OK) / Login
OK : Ok
VpmSCManager : : }
VpmSCManager : : 1. Is the process refered by
your privileges ?
VpmSCManager : :
CATVpmSCManager::GetCheckA_Processes() {
VpmSCManager : : : recherche command:
ENOVIA_VPMZone::RemoveZone
VpmSCManager : : }
VpmSCManager : : ==> NO !
VpmSCManager : : ==> You are not granted
permission to process
[ENOVIA_VPMZone.RemoveZone]
VpmSCManager : }
VpmSCManager : ==> Access: DENIED
VpmSCManager : ==> You are not granted
permission to process
[ENOVIA_VPMZone.RemoveZone]
.

Local fix

  • 



Problem summary


    

  • ZONEEDIT : REMOVE ZONE IS POSSIBLE EVEN IF REQUIRED PRIVILEGES
ARE REVOKED
Abstract:
ZONEEDIT : REMOVE ZONE IS POSSIBLE EVEN IF
REQUIRED PRIVILEGES ARE REVOKED
Prerequisite:
Create a new context in P&O and revoke
ENOVIA_VPMZone.RemoveZone privilege for it.
Scenario:
1. Login Login with the above created P&O context.
2. Create a PRC and send it to Product Editor.
3. Select PRC and send it to Zone Editor.
4. Create a new Zone.
5. Save.
6. Select the zone, right click and select "Remove
Zone".
Result: Zone is successfully removed,  even if the
required privilege to do so is revoked in P&O.
The list of PRIVILEGES for customer's context:
================================
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.LO
GIN
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS_GROUP=
PeopleClientGlobal
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMZone.Modify;GLOBAL;MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMDocumentRevision.Read;GLOBAL;MyOrg
Data
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMDocumentRevision.Read;COND;
TemplateOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMProductClass.OpenProductClass;GLOBAL;
MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMProductRootClass.AddChildDoc;GLOBAL;
MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Create
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Delete;GLOBAL;MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Delete;COND;TemplateOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.LoadContext;GLOBAL;MyOrgDat
a
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.LoadContext;COND;TemplateOr
gData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Modify;GLOBAL;MyOrgData
*PRIV
1;CTX=VIEWER.MAIN.DEFAULT;PROCESS=VPM.EN
OVIA_VPMContext.Modify;COND;TemplateOrgData
================================
The result on server trace from the customer is :
VpmSCManager

    



Problem conclusion


    

  • THIS PROBLEM WILL BE FIXED ON ENOVIA
VERSION 5 RELEASE 15 GA level.
NOTE THAT THIS PROBLEM WILL ALSO BE FIXED
ON V5R14SP02
AND ALSO ON V5R13SP07
AND V5R12SP10.
.

    



Temporary fix


    

  • TE512 ARY FIX: none

    



Comments


    

  • 



APAR Information




    

  • APAR number
    HD27694
    • 

  • Reported component name
    ENOVIA LCA NT/2
    • 

  • Reported component ID
    569151700
    • 

  • Reported release
    512
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2004-09-10
    • 

  • Closed date
    2004-09-29
    • 

  • Last modified date
    2009-06-24
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    ENOVIA LCA NT/2
    • 

  • Fixed component ID
    569151700
    • 



Applicable component levels


    

  • R512  PSN  SP51210
       UP04/12/14  I  1000
    • 

  • R513  PSN  SP51307
       UP04/11/05  N  1000
    • 

  • R514  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSDJRN","label":"ENOVIA LCA"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"512","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            24 June 2009
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback