Inconsistent view/edit permissions on sub-connections

Published 10 years ago

Not sure the subject does describe it appropriately, also not sure this is a bug or a feature :-)

Let's say I have a parent node P where access permissions are applied. Beneath P, I have a node N for an RDP session with security inherited from P. As my effective permissions on P are set to View-only, when I try to edit N, RDM will tell me that I don't have edit permissions. Good.

Now if there is a sub-connection S beneath N which inherits access permissions from P (via N), I can open S for editing (CTRL-E or Properties) and change settings for S. I can even click OK after changing S. Then, RDM will let me do the same for properties of N because it opened the settings dialog for N behind S. Only when I click OK on N will it tell me that I don't have edit permissions.

I'm not sure whether P is required in this scenario or the same would happen if access permissions would be applied to S directly (I'm just describing my setup). To me, this appears like a security hole - any user who can see N can look into properties of S and N, although he can't change anything at the end.

Best regards, Thomas.

All Comments (7)

Hubert Mireault

Published 10 years ago

Hello Thomas,

We've been able to reproduce the issue and will work on a fix. I'll keep you updated.

Regards,

Hubert Mireault

Hubert Mireault

Published 10 years ago

This will be fixed in the next version of RDM.

Regards,

Hubert Mireault

Published 10 years ago

Hello Hubert,

this hasn't changed in 11.1.0. But 11.1 may have been released already when you posted, and "next version" is in a 11.1.x beta? I'll check the behavior again when I upgrade and will keep you updated.

Best regards, Thomas.