Notifications

181 views

Description

Unexpected result after clone in tables User [ sys_user ] and Group[ sys_user_group] , Contacts [ customer_contact ] related tables.

Steps to Reproduce

After 7th Feb 2020 & Before 1st May 2020 the "Preserve users and related tables" functionality was enabled. When submitting Clone request by default "Preserve users and related tables" will be checked, as a result, this will Exclude and Preserve 'User' related tables data in the target instance.

The following tables are affected:

  • sys_user
  • sys_user_group
  • sys_user_grmember
  • sys_user_role
  • sys_user_has_role
  • customer_contact

Afterward, we experienced PRB1391196 - Clone with the option checked "Preserve users and related tables" leaves the record with missing references on tables related to role inheritance on the target instance. The decision was made to disable the feature until it is fixed.

After 1st May 2020: We disabled the "Preserve users and related tables" functionality. [Even if this "Preserve users and related tables" checked OR NOT, this will not Exclude and Preserve User related data in target instance].

Our sincere apologies for the quick changes in the cloning process, we will be adding this information in Clone Change Requests too.

Workaround

The next question is what is the best way to Exclude and Preserve Users n related tables now?

Please create the following Excludes:

  • sys_user
  • sys_user_role
  • sys_user_has_role
  • sys_user_group
  • sys_user_grmember
  • sys_group_has_role
  • sys_user_role_contains
  • customer_contact [Only if you have the Customer Service Management plugin installed]

This will not bring over any users from the source instance or any of the references to groups and roles, but now you need to preserve the sys_user in the target instance, but something that many people forget is you also need to preserve roles, groups and also the links from users to roles and groups, this is a common mistake and after cloning you are missing the admin role and cannot log in, this is because the links to the roles are missing.

Now you should create these Preservers: (Add any conditions depending on your requirements)

  • sys_user
  • sys_user_role
  • sys_user_group
  • sys_user_grmember
  • sys_user_has_role
  • sys_group_has_role
  • sys_user_role_contains
  • customer_contact [Only if you have the Customer Service Management plugin installed]

This will preserve all the users, roles, and groups in the target instance, but it will also preserve the permissions of those users to those groups and roles.


Related Problem: PRB1387853

Seen In

SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - Policy and Compliance - Madrid 2019 Q2
SR - IRM - Risk Management - New York 2019 Q3
SR - IRM - SIG Assessment Legacy - Madrid 2019 Q1
SR - IRM - Vendor Risk Management - Madrid 2019 Q1
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - VR - Rapid7 - London 2019 Q2 v.6.2.1
SR - VR - Vulnerability Response - New York 2019 Q3
SR - VR - Vulnerability Response PA Content - Madrid 2019 Q2

Fixed In

Orlando Patch 3
Paris

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2020-09-18 15:58:25
Published:2020-09-16