Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-14627

Deleting a tenant membership is not limited to the user or group

XMLWordPrintable

      Environment (Required on creation):

      Camunda Automation Platform 7.17.1

      Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket):

      When deleting a tenant membership using IdentityService#deleteTenantUserMembership or IdentityService#deleteTenantGroupMembership all memberships for the tenant are deleted.

      Steps to reproduce (Required on creation):

      1. Enable Authorization
      2. Create two groups
      3. Create a tenant
      4. Create memberships for each tenant and group combination
      5. Delete one membership using IdentityService#deleteTenantGroupMembership

      Observed Behavior (Required on creation):

      All memberships related to the tenant are gone.

      Expected behavior (Required on creation):

      Only the membership related to the respective group/user and tenant is deleted.

      Root Cause (Required on prioritization):

      The WHERE condition in the SQL query doesn't restrict the deletion to the respective user or group.

      Solution Ideas (Optional):

      Use queries that restrict the deletion to a user or group.

      Hints (optional):

        This is the controller panel for Smart Panels app

              tassilo.weidner Tassilo Weidner
              tassilo.weidner Tassilo Weidner
              Tassilo Weidner Tassilo Weidner
              Nikola Koevski Nikola Koevski
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: