Loading...

XML

Word

Printable

Type: Task
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.11.0
Affects Version/s: None
Component/s: engine
Labels:
None

7.2 update scripts (engine_7.2_to_7.3.sql) introduce global grant authorizations for some resources:

-- add global grant authorizations for new authorization resources:
-- DEPLOYMENT
-- PROCESS_DEFINITION
-- PROCESS_INSTANCE
-- TASK
-- with ALL permissions

INSERT INTO
  ACT_RU_AUTHORIZATION (ID_, TYPE_, USER_ID_, RESOURCE_TYPE_, RESOURCE_ID_, PERMS_, REV_)
VALUES
  ('global-grant-process-definition', 0, '*', 6, '*', 2147483647, 1),
  ('global-grant-task', 0, '*', 7, '*', 2147483647, 1),
  ('global-grant-process-instance', 0, '*', 8, '*', 2147483647, 1),
  ('global-grant-deployment', 0, '*', 9, '*', 2147483647, 1);

These entries interfere with newly introduced authorization tests.
(for example test that some operation fails due to missing Process Definition authorization, the operation succeeds now because every user is authorized with ALL permissions for PD.)

AT:

delete these authorizations after 7.2 update in migration tests (create new sql script to do so)
delete 7.2 authorization test
- https://github.com/camunda/camunda-bpm-platform/blob/master/qa/test-db-instance-migration/test-migration/src/test/java/org/camunda/bpm/qa/upgrade/scenarios720/authorization/AuthorizationTest.java
- https://github.com/camunda/camunda-bpm-platform/blob/master/qa/test-db-instance-migration/test-fixture-72/src/main/java/org/camunda/bpm/qa/upgrade/scenarios/authorization/AuthorizationScenario.java ?

Assignee:: Thorben Lindhauer
Reporter:: Yana Vasileva
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: 21/May/19 11:57 AM
Updated:: 21/May/19 3:52 PM
Resolved:: 21/May/19 3:37 PM

Details

Description

Attachments

Activity

People

Dates

Salesforce