Karl Wright created CONNECTORS-1401:
---------------------------------------
Summary: Documentum Authority does not properly exclude ACLs that
include negative groups or users
Key: CONNECTORS-1401
URL: https://issues.apache.org/jira/browse/CONNECTORS-1401
Project: ManifoldCF
Issue Type: Bug
Components: Documentum connector
Affects Versions: ManifoldCF 2.5
Reporter: Karl Wright
Assignee: Karl Wright
Fix For: ManifoldCF 2.7
The Documentum Authority currently returns a list of ACL names, which it gets
using the following DQL query:
{code}
ELECT DISTINCT A.owner_name, A.object_name FROM dm_acl A WHERE
A.object_name NOT LIKE 'dm_%' AND (
(any (A.r_accessor_name IN ('" + strAccessToken + "', 'dm_world')
AND r_accessor_permit>2)
OR (any (A.r_accessor_name='dm_owner' AND A.r_accessor_permit>2)
AND A.owner_name=" + quoteDQLString(strAccessToken) + ")
OR (ANY (A.r_accessor_name in (SELECT G.group_name FROM dm_group G
WHERE ANY G.i_all_users_names = " + quoteDQLString(strAccessToken) + ")
AND r_accessor_permit>2)) )
{code}
The query should be modified to block all ACLs that have r_accessor_permit <=
2, since those are "denied" access.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
