2 Replies Latest reply on Aug 4, 2011 11:51 AM by Bill Robinson

    ACL Templates authorizations

    Gerardo Bartoccini


      I have noticed something while creating an ACL template which looks incorrect to me.

      I have experienced this on BL 8.0 SP10.


      Warning: I am talking about the authorizations that define the ACL template content, not the ones that define its permissions.


      If I click on the '+' icon in order to add authorizations to the ACL template, NO MATTER which role I choose, I always see all authorizations in the left window (which I don't think is correct), and I am able to add all of them to the right window, even if they are NOT enabled for that particular role.


      So, in my test, I have tried and added all authorizations for a role X which hasn't got all authorizations enabled.

      Having done this, if I use the ACL template as an "Object Permissions Template" for a role Y, it will add all permissions to the created object for role X.


      Assume role X has got only Server.Read in its authorizations.

      Due to my "wrong" ACL template, I can add Server.* for role X when role Y creates a server.

      After this, if I check permissions for that server, I can see:

      Role Y     Server.*

      Role X     Server.*


      However, if I try and browse the server with role X, it fails because its role doesn't allow this.


      Does this make sense? Is this an expected behavior?
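
An added example, not part of the original post and not BladeLogic code: a check that flags ACL template entries granting a role an authorization that its role definition does not include, as in the role X case described above. The role and template data are constructed, the function names are hypothetical, and the `Prefix.*` wildcard matching is an assumption about how such entries would be compared.

```python
# Constructed sample data mirroring the post: role X holds only Server.Read,
# yet the ACL template lists Server.* for it.
ROLE_AUTHS = {
    "RoleX": {"Server.Read"},
    "RoleY": {"Server.*"},
}
ACL_TEMPLATE = [
    ("RoleY", "Server.*"),
    ("RoleX", "Server.*"),
]


def covers(granted, requested):
    """True if an authorization held by the role covers the requested one.

    Assumption: "Prefix.*" covers every authorization that starts with
    "Prefix.", while a specific authorization covers only itself.
    """
    if granted == requested:
        return True
    if granted.endswith(".*"):
        return requested.startswith(granted[:-1])  # "Server.*" -> "Server."
    return False


def over_grants(acl_entries, role_auths):
    """Return (role, authorization, held) for each template entry that the
    role's own authorizations do not cover. Unknown roles hold nothing."""
    findings = []
    for role, auth in acl_entries:
        held = role_auths.get(role, set())
        if not any(covers(g, auth) for g in held):
            findings.append((role, auth, sorted(held)))
    return findings


if __name__ == "__main__":
    for role, auth, held in over_grants(ACL_TEMPLATE, ROLE_AUTHS):
        print(f"{role}: template grants {auth}, role only holds {held}")
```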