Notifications

633 views

Description

Users without the admin role are unable to view CI relationship information in History Sets. The Read ACL for sys_history_line checks access based on access to the parent field. Because the CI relationship records do not contain this information, non-admin users are restricted from viewing that content.

 

Steps to Reproduce

  1. Log in as a user with the admin role.

  2. Access /cmdb_ci_computer.do and create a new record named TestComputer1.

  3. Access /cmdb_ci_computer.do and create a new record named TestComputer2.

  4. In the TestComputer 2 record, click '+' on the Related Items widget and add a CI Relationship.

  5. In the Suggested relationship types section, select Connects (Child).

  6. In the Configuration Items section, locate and check TestComputer1.

  7. In the Relationships section, click '+' to add the relationship.

  8. Click on Save and Exit to return to the TestComputer2 record.

  9. Access History > List and sort descending by Update number.

    Note that as an admin user, the relationship record is displayed in the History Set.

  10. Repeat these steps as a non-admin user.

    Note that the relationship record is not displayed

    The list may contain a message that one or more rows were removed due to security constraints

 

Workaround

If non-admin users need to have visibility to this content, tadd a new Read ACL for sys_history_line to grant access.
 

Related Problem: PRB692288

Seen In

Fuji Patch 12 Hot Fix 1
Fuji Patch 13 Hot Fix 1
Fuji Patch 3
Geneva Patch 4
Geneva Patch 7
Geneva Patch 8 Hot Fix 1
Helsinki Patch 0 Hot Fix 1
Helsinki Patch 1 Hot Fix 1
Helsinki Patch 3
Helsinki Patch 4

Fixed In

Madrid

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-05-21 11:39:27
Published:2018-07-04