Details
-
Bug
-
Resolution: Fixed
-
High
-
7.3.1
-
3
-
Severity 3 - Minor
-
Description
Issue Summary
The new Inspect permissions feature does not respect nested groups. This also applies to the "people who can view" feature.
Steps to Reproduce
- Use an external user directory server
- Have a user who is directly in group ChildGroup, which is a child group of ParentGroup
- Ensure the user is known to confluence, e.g. by logging in as them.
- Give ParentGroup permission to do something in Confluence. E.g. give ParentGroup access to view pages in a space
- Inspect permissions for the user
Expected Results
The permissions for the user should show that the user gets permissions from ParentGroup
Actual Results
The permissions for the user disregard permissions from ParentGroup
Impact & Workaround
To check if you are impacted by this issue, please run the following query on your database:
select s.spacekey as "SPACE KEY", parent.group_name as "PARENT GROUP WITH PERMISSIONS", child_group.group_name as "CHILD GROUP" from cwd_membership m, cwd_group parent, cwd_group child_group, spacepermissions perms left join spaces s ON perms.spaceid = s.spaceid where m.child_group_id is not null and m.parent_id = parent.id and m.child_group_id = child_group.id and parent.group_name = perms.permgroupname group by parent.group_name, s.spacekey, child_group.group_name;
If this query returns one or more results, then you are impacted and permissions assigned to the resulting parent/intermediate groups won’t be recognised by the People who can view or Inspect permissions features.
Please note that this doesn’t mean that these permissions aren’t enforced, it just means that the Inspect permissions and People who can view features will not reflect them.
If you are impacted by this issue, we recommend you go to Manage Apps and temporarily disable the Inspect Permissions - Gatekeeper system app. This will disable the People who can view and Inspect Permissions features, and prevent users and admins relying on information that is incorrect.
Attachments
Issue Links
- relates to
-
-
- Closed
-
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-