Posted to dev@directory.apache.org by "Shawn McKinney (JIRA)" <ji...@apache.org> on 2015/03/01 12:58:04 UTC
[jira] [Created] (FC-74) DSD checking on hierarchical relationships incorrect
Shawn McKinney created FC-74:
--------------------------------
Summary: DSD checking on hierarchical relationships incorrect
Key: FC-74
URL: https://issues.apache.org/jira/browse/FC-74
Project: FORTRESS
Issue Type: Bug
Affects Versions: 1.0.0-RC39
Reporter: Shawn McKinney
Fix For: 1.0.0-RC40
Manual testing of Fortress detected that DSD constraints between roles can be bypassed via inheritance.
For example, this constraint:
<sdset name="Demo2DSD"
description="ROLE_TEST DATA roles are mutually exclusive" cardinality="2"
setType="DYNAMIC"
setmembers="PAGE1_123,PAGE1_456,PAGE1_789,
PAGE2_123,PAGE2_456,PAGE2_789,
PAGE3_123,PAGE3_456,PAGE3_789"/>
can be bypassed through these inheritance relationships:
<relationship child="PERSON1" parent="ROLE_PAGE1"/>
<relationship child="PERSON1" parent="PAGE1_123"/>
<relationship child="PERSON1" parent="PAGE1_456"/>
<relationship child="PERSON1" parent="PAGE1_789"/>
and then assigning to user:
<userrole userId="anyuser" name="PERSON1"/>
When user 'anyuser' logs on and activates the PERSON1 role, it bypasses the constraint checks for DSD on the roles PERSON1 inherits.
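The check described in this report, modeled as an added example (not Fortress code and not part of the original message): a DSD test that compares only activated role names misses PERSON1, while one that first expands each role to the roles it inherits catches it. The function names are hypothetical, and the rule that a set is violated when cardinality or more members are active is an assumption taken from the ANSI RBAC definition of DSD.

```python
# Model of a DSD check over a role hierarchy (illustrative; not Fortress code).
from collections import deque

# Data from the report: child role -> parent roles it inherits from.
PARENTS = {
    "PERSON1": {"ROLE_PAGE1", "PAGE1_123", "PAGE1_456", "PAGE1_789"},
}

# DSD set from the report: name -> (cardinality, members).
DSD_SETS = {
    "Demo2DSD": (2, {
        "PAGE1_123", "PAGE1_456", "PAGE1_789",
        "PAGE2_123", "PAGE2_456", "PAGE2_789",
        "PAGE3_123", "PAGE3_456", "PAGE3_789",
    }),
}


def authorized_roles(role, parents):
    """Return the role plus every role it inherits, transitively."""
    seen, queue = {role}, deque([role])
    while queue:
        for parent in parents.get(queue.popleft(), ()):
            if parent not in seen:  # also guards against cycles
                seen.add(parent)
                queue.append(parent)
    return seen


def dsd_violations(active_roles, dsd_sets, parents=None):
    """Return {set name: sorted offending members} for each violated DSD set.

    parents=None compares activated names only (the reported behaviour).
    Assumption: a set is violated when >= cardinality members are active.
    """
    effective = set()
    for role in active_roles:
        effective |= authorized_roles(role, parents) if parents else {role}
    violations = {}
    for name, (cardinality, members) in dsd_sets.items():
        hit = effective & members
        if len(hit) >= cardinality:
            violations[name] = sorted(hit)
    return violations


def can_activate(session_roles, new_role, dsd_sets, parents=None):
    """True if adding new_role keeps every DSD set satisfied."""
    return not dsd_violations(set(session_roles) | {new_role}, dsd_sets, parents)
```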