User without appropriate privileges / authorizations can activate LDAP connection via the System Overview in Java GUI

Document ID : KB000084586
Last Modified Date : 14/04/2018
Show Technical Document Details
Issue:
Error Message :
N/A

There are two users. In the test case JAC/SBB01 and TEST1/SBB01. User JAC/SBB01 has LDAP connection enabled and is not allowed to edit TEST1/SBB01 (in the test scenario he is not allowed to edit any USER object with name TEST1/SBB01):

0EM0N000001i07D.png

Log in as JAC/SBB01 and open TEST1/SBB01:

0EM0N000001i07N.png

As can be seen, it is read only (Save-Button is greyed out) and LDAP connection is not checked for TEST1/SBB01.

Now open the System Overview and right click on TEST1/SBB01, select Activate LDAP connection:

0EM0N000001i07S.png

Now open TEST1/SBB01 again. LDAP connection is now checked:

0EM0N000001i07X.png

I.e. even though JAC/SBB01 is not allowed to edit TEST1/SBB01, it was possible to modify it via Activate LDAP connection in the System Overview.
Cause:
Cause type:
Defect
Root Cause: The LDAP setting of users can be activated/deactivated via the context menu without write authorization.
Resolution:
Update to a fix version listed below or a newer version if available.

Fix Status: In Progress

Fix Version(s):
Automation Engine 12.2.0 - Planned release date: 2018-06-19
Automation Engine 12.1.2 - Planned release date: 2018-05-21
Automation Engine 12.0.5 - Planned release date: 2018-05-07
Automation Engine 11.2.8 - Planned release date: 201
Additional Information:
Workaround :
N/A