Loading...

XML

Word

Printable

Details

Type: Bug Report
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.18.0, 7.17.2, 7.16.9, 7.15.15, 7.18.0-alpha2
Affects Version/s: None
Component/s: engine
Labels:
- SUPPORT

Description

Environment (Required on creation):

Camunda Automation Platform 7.17.1

Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket):

When deleting a tenant membership using IdentityService#deleteTenantUserMembership or IdentityService#deleteTenantGroupMembership all memberships for the tenant are deleted.

Steps to reproduce (Required on creation):

Enable Authorization
Create two groups
Create a tenant
Create memberships for each tenant and group combination
Delete one membership using IdentityService#deleteTenantGroupMembership

Observed Behavior (Required on creation):

All memberships related to the tenant are gone.

Expected behavior (Required on creation):

Only the membership related to the respective group/user and tenant is deleted.

Root Cause (Required on prioritization):

The WHERE condition in the SQL query doesn't restrict the deletion to the respective user or group.

Solution Ideas (Optional):

Use queries that restrict the deletion to a user or group.

Hints (optional):

The same misbehavior exists for deleting tenant <-> user memberships.
See PR: https://github.com/camunda/camunda-bpm-platform/pull/1902

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Activity

People

Assignee:: Tassilo Weidner

Reporter:: Tassilo Weidner

DRI:: Tassilo Weidner

Reviewer:: Nikola Koevski

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 04/May/22 8:45 AM

Updated:: 20/Jun/22 9:46 AM

Resolved:: 10/May/22 11:53 AM

Deleting a tenant membership is not limited to the user or group