APAR status
Closed as program error.
Error description
Security Hole. Scenario: 1. Can use SmDemo. 2. Create Group1 with following permissions: Projects - Full permissions. Documents - Full permission. EXCEPT: Deny View operation on Released and Obsolete states. Links Classes - Full permissions. 3. Create User1 and assign with Group1. 4. Login ST with User1. 5. Create a Document object with a file and Release it. 6. On the Released Document, open Viewer tab. ==> OK: Get message on Viewer tab: Unauthorized operation. An unauthorized attempt was made to perform 'View' operation... 7. Now initiate a Process on this Document. 8. Open the Workflow Process view. 9. Select the Document object in the Flow Process and open Viewer tab. ==> KO: Viewer is opened. File can be viewed. Expected: Viewer should not be authorized. Behavior should be consistence in Document Tree view and in Flow Process View. .
Local fix
Problem summary
Security Hole Security Hole. Scenario: 1. Can use SmDemo. 2. Create Group1 with following permissions: Projects - Full permissions. Documents - Full permission. EXCEPT: Deny View operation on Released and Obsolete states. Links Classes - Full permissions. 3. Create User1 and assign with Group1. 4. Login ST with User1. 5. Create a Document object with a file and Release it. 6. On the Released Document, open Viewer tab. ==> OK: Get message on Viewer tab: Unauthorized operation. An unauthorized attempt was made to perform 'View' operation... 7. Now initiate a Process on this Document. 8. Open the Workflow Process view. 9. Select the Document object in the Flow Process and open Viewer tab. ==> KO: Viewer is opened. File can be viewed. Expected: Viewer should not be authorized. Behavior should be consistence in Document Tree view and in Flow Process View. .
Problem conclusion
THIS PROBLEM WILL BE FIXED ON SMARTEAM VERSION 5 RELEASE 19 SP01 LEVEL. Default TEXTAREA value goes here .
Temporary fix
Comments
APAR Information
APAR number
HD71425
Reported component name
SMARTEAM NT>XP
Reported component ID
569199970
Reported release
517
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-02-11
Closed date
2008-05-15
Last modified date
2008-06-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SMARTEAM NT>XP
Fixed component ID
569199970
Applicable component levels
R518 PSN SP51805
UP08/06/02 I 1000
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS2S3T","label":"ENOVIA SmarTeam V5"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"517","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 June 2008