Create IP Ranges Link Is Available For CSR Investigator When URL Is Accessed / Bookmarked (Doc ID 1083622.1)

Last updated on AUGUST 07, 2013

Applies to:

Oracle Adaptive Access Manager - Version 10.1.4.5 and later
Information in this document applies to any platform.

Symptoms

Although the access permission to Create IP Ranges is denied for the CSR Investigator, the user with role CSR Investigator is able to create an IP Range if the url is accessed or bookmarked.

Steps to reproduce:
-----------------------------
1. Make sure there is a user whose role is CSR Investigator
2. Login with the user to find there is "List IP Range" but not "Create IP Range" from Menu Admin --> Groups
3. So far good untill step 3
4. But when you access say 'http://<ipaddress>/arm/createIPCluster.do" directly in the browser, the CSR Investigator is able to create an IP range, which should not be allowed
5. This privilege is not existing for CSR Investigator when checked in BharosaACL.xml as we see below.


<AccessRole name="CSRInvestigator">
<Access type="deny">
.
.
.
.
<AccessPerm activeFlag="true">fa.menu.admin.iprange.createiprange</AccessPerm>
</Access>


6. So the issue is, even though the access permissions are denied for the CSR Investigator, the user with role CSR Investigator only is able to create an IPRange if the url is accessed or bookmarked.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms