2 Replies Latest reply on Aug 4, 2011 11:51 AM by Bill Robinson

    ACL Templates authorizations

    Gerardo Bartoccini

      Hi,

      I have noticed something while creating an ACL template which looks incorrect to me.

      I have experienced this on BL 8.0 SP10.

       

      Warning: I am talking about the authorizations that define the ACL template content, not the ones that define its permissions.

       

      If I click on the '+' icon in order to add authorizations to the ACL template, NO MATTER which role I choose, I always see all authorizations in the left window (which I don't think is correct), and I am able to add all of them to the right window, even if they are NOT enabled for that particular role.

       

      So, in my test, I have tried and added all authorizations for a role X which hasn't got all authorizations enabled.

      Having done this, if I use the ACL template as an "Object Permissions Template" for a role Y, it will add all permissions to the created object for role X.

       

      Assume role X has got only Server.Read in its authorizations.

      Due to my "wrong" ACL template, I can add Server.* for role X when role Y creates a server.

      After this, if I check permissions for that server, I can see:

      Role Y     Server.*

      Role X     Server.*

       

      However, if I try and browse the server with role X, it fails because its role doesn't allow this.

       

      Does this make sense? Is this an expected behavior?
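
The mismatch described in the post can be audited offline. The following is an added example, not BladeLogic code and not from the poster: it lists ACL template entries that name an authorization the role itself does not hold. The data layout, the function names and the wildcard rule (`Server.*` covers every `Server.<action>`) are assumptions, and the sample data is constructed from the post's role X / role Y scenario.

```python
from fnmatch import fnmatchcase

# Constructed sample data mirroring the post: role X holds only Server.Read,
# role Y holds Server.*, and the ACL template lists Server.* for both roles.
ROLE_AUTHS = {
    "RoleX": {"Server.Read"},
    "RoleY": {"Server.*"},
}
ACL_TEMPLATE = [
    ("RoleX", "Server.*"),
    ("RoleY", "Server.*"),
]


def covered(granted, held):
    """Return True if the authorization `granted` is within the set `held`.

    Assumed rule: an exact match counts, and a held wildcard such as
    'Server.*' covers any authorization of that object type. A held
    'Server.Read' does NOT cover a granted 'Server.*'.
    """
    return any(
        granted == h or (h.endswith(".*") and fnmatchcase(granted, h))
        for h in held
    )


def excess_entries(template, role_auths):
    """List (role, authorization) template entries the role does not hold.

    A role missing from `role_auths` is treated as holding nothing, so
    every template entry naming it is reported.
    """
    return [
        (role, auth)
        for role, auth in template
        if not covered(auth, role_auths.get(role, set()))
    ]


if __name__ == "__main__":
    for role, auth in excess_entries(ACL_TEMPLATE, ROLE_AUTHS):
        print(f"template entry exceeds role authorizations: {role} -> {auth}")
```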