You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@continuum.apache.org by "Philippe Busque (JIRA)" <ji...@codehaus.org> on 2010/04/30 22:50:12 UTC

[jira] Created: (CONTINUUM-2515) Permission leak when deleting group

Permission leak when deleting group
-----------------------------------

                 Key: CONTINUUM-2515
                 URL: http://jira.codehaus.org/browse/CONTINUUM-2515
             Project: Continuum
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.3.6
            Reporter: Philippe Busque


Create a Project group.
Add projects to it.
Delete the group.

All the roles and permissions created for the projects and groups remain in the Database and interface, with no way to delete them.
Over time, when many groups are created and deleted for versioning, this create a lot of orphans permissions and roles that slows down access.

The only way to purge those orphan roles are to delete them directly in the database, a task that is complicated by the various table relations.

When deleting a group, the associated permissions and role should be automatically deleted or at the very least, prompted for deletion.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Closed: (CONTINUUM-2515) Permission leak when deleting group

Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.

     [ http://jira.codehaus.org/browse/CONTINUUM-2515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brett Porter closed CONTINUUM-2515.
-----------------------------------

    Resolution: Duplicate
      Assignee: Brett Porter

closing as a duplicate of the related issues - we do intend to provide a way to clean them up in future, but for now this is by design.

> Permission leak when deleting group
> -----------------------------------
>
>                 Key: CONTINUUM-2515
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2515
>             Project: Continuum
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 1.3.6
>            Reporter: Philippe Busque
>            Assignee: Brett Porter
>
> Create a Project group.
> Add projects to it.
> Delete the group.
> All the roles and permissions created for the projects and groups remain in the Database and interface, with no way to delete them.
> Over time, when many groups are created and deleted for versioning, this create a lot of orphans permissions and roles that slows down access.
> The only way to purge those orphan roles are to delete them directly in the database, a task that is complicated by the various table relations.
> When deleting a group, the associated permissions and role should be automatically deleted or at the very least, prompted for deletion.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira