View Issue Details
ID: 0000798
Project: v2.4 Release (Closed)
Category: [All Projects] General
View Status: public
Last Update: 2011-08-16 23:39
Assigned To: caseydk
Status: closed
Resolution: no change required
Product Version:
Target Version:
Fixed in Version: 2.4
Summary: 0000798: Adding single deny rule in role leaves users blind to all modules
Description:
1.) Create custom role
2.) Add access+view to all non-admin modules
Results=100% Working
3.) Add extra rule to deny user access+view to companies
Results=User blind to all modules
4.) Remove deny rule
Result=User still blind to all modules

Fix: Remove original allow rule for non-admin modules and re-apply it
Consequences: Impossible to do blanket allow statement and then selectively apply deny rules to specific modules
Adding individual modules

Clearing all rules and then adding each individual module with its own allow rule also leaves the user blind, so the only option is to give all users access to non-admin modules.

caseydk (administrator)

When a 'Deny' is applied, we immediately recalculate and apply permissions based on the assumption that you should immediately lose access to anything included.

When a 'Deny' is removed, we don't immediately recalculate permissions based on the assumption that you're probably tuning permissions. We err on the side of safety.

To really remove this Deny, the user has to log out and log back in. That clears the permissions cache and rebuilds it.
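
Added example, not part of caseydk's note and not the project's code: a small Python model of the cache behaviour the note describes, where adding a deny rebuilds live sessions at once and removing one leaves their cached permissions untouched until the next login. The class names, the rule representation, the deny-beats-allow evaluation and the `stale_sessions` check are assumptions made for illustration.

```python
# Simplified model (assumption): rules are (module, allow) pairs, an explicit
# deny beats an allow, and each session caches its computed permissions.
class RoleStore:
    def __init__(self):
        self.rules = {}     # role -> set of (module, allow)
        self.sessions = []  # live sessions, rebuilt when access tightens

    def add_rule(self, role, module, allow):
        self.rules.setdefault(role, set()).add((module, allow))
        if not allow:
            # Deny added: recalculate immediately for live sessions.
            for s in self.sessions:
                if s.role == role:
                    s.rebuild()

    def remove_rule(self, role, module, allow):
        # Deny removed: nothing is recalculated; caches stay as they were.
        self.rules[role].discard((module, allow))

    def evaluate(self, role):
        rules = self.rules.get(role, ())
        allowed = {m for m, a in rules if a}
        denied = {m for m, a in rules if not a}
        return frozenset(allowed - denied)

    def stale_sessions(self):
        # Sessions whose cached permissions differ from the stored rules.
        return [s for s in self.sessions if s.cache != self.evaluate(s.role)]

class Session:
    def __init__(self, store, role):
        self.store, self.role = store, role
        store.sessions.append(self)
        self.rebuild()  # logging in builds the cache

    def rebuild(self):
        self.cache = self.store.evaluate(self.role)

    def can_view(self, module):
        return module in self.cache

def demo():
    store = RoleStore()
    for module in ("companies", "projects", "tasks"):  # constructed sample
        store.add_rule("custom", module, True)
    s = Session(store, "custom")
    before = s.can_view("companies")
    store.add_rule("custom", "companies", False)
    after_deny = s.can_view("companies")
    store.remove_rule("custom", "companies", False)
    still_cached = s.can_view("companies")
    relogin = Session(store, "custom").can_view("companies")
    return before, after_deny, still_cached, relogin
```

In this model a stale session always holds less access than the stored rules grant, which matches the "err on the side of safety" direction in the note.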

Issue History
Date Modified | Username | Field | Change
2011-05-09 08:22 | unc0nnected | New Issue |
2011-05-21 22:23 | caseydk | Project | v2.2 Release (Closed) => v2.4 Release (Closed)
2011-08-07 17:48 | caseydk | Note Added: 0002125 |
2011-08-07 17:48 | caseydk | Status | new => resolved
2011-08-07 17:48 | caseydk | Resolution | open => no change required
2011-08-07 17:48 | caseydk | Assigned To | => caseydk
2011-08-16 23:39 | caseydk | Status | resolved => closed
2011-08-16 23:39 | caseydk | Fixed in Version | => 2.4