Project

General

Profile

Actions

Bug #10535

open

Bug #10558: Scope issues on staging server

Roles created/updated on super tenant does not contain some scopes

Added by Arshana Atapattu 10 months ago. Updated 9 months ago.

Status:
New
Priority:
High
Assignee:
Start date:
19/01/2024
Due date:
% Done:

0%

Estimated time:
Device Type:
Component:
Type:

Description

Environment details
6.0.0 server

Prerequisites
none

Steps
Get the scopes of super admin role and role with all permissions

Description
For super admin these scopes [1] are returned.
For role with all permission [2] these scopes are returned.

these are the changes between these two [3]

This issue was reproducing on the staging environment initially and it was assumed due to 401 errors thrown when creating/updating roles that some scopes were not returned on the super tenant. This was able to be reproduce on a local pack when creating new roles consecutively and restarting the pack (related issue - https://roadmap.entgra.net/issues/10600)

Result

[1] {
"data": {
"userScopes": "admin:tenant:view am:admin:app:install am:admin:app:uninstall am:admin:pub:app:review:view am:admin:pub:app:update am:admin:store:app:review:update am:admin:store:app:sub:modify am:admin:store:app:sub:view am:pub:app:update am:pub:app:view am:pub:sp:app:view am:pub:sp:attach am:pub:sp:connect am:pub:sp:create am:pub:sp:detach am:store:app:modify am:store:app:review:update am:store:app:review:view am:store:app:sub:install am:store:app:sub:uninstall am:store:app:view am:store:vpp:assets:modify am:store:vpp:assets:view am:store:vpp:user:modify am:store:vpp:user:view and:conf:manage and:conf:view and:devices:enroll and:enterprise:modify and:enterprise:view and:ops:add-google-acc and:ops:alternate-install and:ops:app-list and:ops:authenticate-acc and:ops:change-LockTask and:ops:change-lock-code and:ops:clear-app and:ops:clear-password and:ops:conf-display-msg and:ops:control-camera and:ops:device-info and:ops:enterprise-wipe and:ops:file-transfer and:ops:location and:ops:lock-devices and:ops:mute and:ops:password-policy and:ops:reboot and:ops:ring and:ops:send-app-restrictions and:ops:send-notif and:ops:set-webclip and:ops:suspend-package and:ops:unlock-devices and:ops:update-default-sim and:ops:upgrade-firmware and:ops:wipe cm:cert:add cm:cert:delete cm:cert:details:get cm:cert:verify cm:cert:view dm:activity:get dm:admin dm:admin:device-type:conf:add dm:admin:device-type:modify dm:admin:device-type:view dm:admin:devices:permanent-delete dm:admin:devices:usage:view dm:admin:devices:view dm:admin:enrollment:update dm:conf:manage dm:conf:view dm:device-type:conf:view dm:device-type:deploy dm:device-type:event:modify dm:device-type:event:view dm:device-type:features:view dm:device-type:view dm:device:enroll dm:devices:app:view dm:devices:compliance:view dm:devices:delete dm:devices:details dm:devices:enrollment-guide:view dm:devices:features:view dm:devices:ops:view dm:devices:policy:view dm:devices:search dm:devices:status:change dm:devices:update dm:devices:view dm:devicestatusfilter:update dm:devicestatusfilter:view dm:geo:alerts:manage dm:geo:an:view dm:geo:geo-fence:manage dm:metadata:create dm:metadata:remove dm:metadata:update dm:metadata:view dm:notif:mark-checked dm:notifications:view dm:policies:view dm:sign-csr dm:whitelable:update dm:whitelable:view gm:admin:groups:add gm:admin:groups:count gm:admin:groups:view gm:devices-types:view gm:devices:add gm:devices:assign gm:devices:count gm:devices:remove gm:devices:view gm:groups:add gm:groups:count gm:groups:device:view gm:groups:groups-view gm:groups:remove gm:groups:update gm:groups:view gm:roles:share gm:roles:view ios:conf:manage ios:conf:view ios:dep:add ios:dep:view ios:devices:enroll ios:ops:app-attributes ios:ops:app-conf ios:ops:boolean-setting ios:ops:clear-passcode ios:ops:enterprise-wipe ios:ops:location ios:ops:lock ios:ops:notif ios:ops:ring ios:ops:wallpaper ios:ops:wipe mac:ops:restart mac:ops:shutdown openid pm:policies:activate pm:policies:add pm:policies:change pm:policies:deactivate pm:policies:details:view pm:policies:priorities:update pm:policies:remove pm:policies:update rm:roles:add rm:roles:combined:add rm:roles:delete rm:roles:details:view rm:roles:permissions:view rm:roles:update rm:roles:view rm:users:add um:admin:users:view um:roles:view um:users:add um:users:count um:users:cred:change um:users:delete um:users:details:view um:users:invite um:users:is-exist um:users:permission:view um:users:search um:users:update um:users:user-details:view win:conf:manage win:conf:view win:devices:enroll win:ops:disenroll win:ops:location win:ops:lock-devices win:ops:lock-reset win:ops:reboot win:ops:ring win:ops:wipe"
}
}

[2] {
"data": {
"userScopes": "admin:tenant:view am:admin:app:install am:admin:app:uninstall am:admin:pub:app:review:view am:admin:pub:app:update am:admin:store:app:review:update am:admin:store:app:sub:modify am:admin:store:app:sub:view am:pub:app:update am:pub:app:view am:pub:sp:app:view am:pub:sp:attach am:pub:sp:connect am:pub:sp:create am:pub:sp:detach am:store:app:modify am:store:app:review:update am:store:app:review:view am:store:app:sub:install am:store:app:sub:uninstall am:store:app:view am:store:vpp:assets:modify am:store:vpp:assets:view am:store:vpp:user:modify am:store:vpp:user:view and:conf:manage and:conf:view and:devices:enroll and:ops:add-google-acc and:ops:alternate-install and:ops:app-list and:ops:authenticate-acc and:ops:change-LockTask and:ops:change-lock-code and:ops:clear-app and:ops:clear-password and:ops:conf-display-msg and:ops:control-camera and:ops:device-info and:ops:enterprise-wipe and:ops:file-transfer and:ops:location and:ops:lock-devices and:ops:mute and:ops:password-policy and:ops:reboot and:ops:ring and:ops:send-app-restrictions and:ops:send-notif and:ops:set-webclip and:ops:suspend-package and:ops:unlock-devices and:ops:update-default-sim and:ops:upgrade-firmware and:ops:wipe cm:cert:add cm:cert:delete cm:cert:details:get cm:cert:verify cm:cert:view dm:activity:get dm:admin:device-type:conf:add dm:admin:device-type:modify dm:admin:device-type:view dm:admin:devices:permanent-delete dm:admin:devices:usage:view dm:admin:devices:view dm:admin:enrollment:update dm:conf:manage dm:conf:view dm:device-type:conf:view dm:device-type:deploy dm:device-type:event:modify dm:device-type:event:view dm:device-type:features:view dm:device-type:view dm:device:enroll dm:devices:app:view dm:devices:compliance:view dm:devices:delete dm:devices:details dm:devices:enrollment-guide:view dm:devices:features:view dm:devices:ops:view dm:devices:policy:view dm:devices:search dm:devices:status:change dm:devices:update dm:devices:view dm:devicestatusfilter:update dm:devicestatusfilter:view dm:geo:alerts:manage dm:geo:an:view dm:geo:geo-fence:manage dm:metadata:create dm:metadata:remove dm:metadata:update dm:metadata:view dm:notif:mark-checked dm:notifications:view dm:policies:view dm:sign-csr dm:whitelable:update dm:whitelable:view gm:admin:groups:add gm:admin:groups:count gm:admin:groups:view gm:devices-types:view gm:devices:add gm:devices:assign gm:devices:count gm:devices:remove gm:devices:view gm:groups:add gm:groups:count gm:groups:device:view gm:groups:groups-view gm:groups:remove gm:groups:update gm:groups:view gm:roles:share gm:roles:view grafana:api:view ios:conf:manage ios:conf:view ios:dep:add ios:dep:view ios:devices:enroll ios:ops:app-attributes ios:ops:app-conf ios:ops:boolean-setting ios:ops:clear-passcode ios:ops:enterprise-wipe ios:ops:location ios:ops:lock ios:ops:notif ios:ops:ring ios:ops:wallpaper ios:ops:wipe mac:ops:restart mac:ops:shutdown openid pm:policies:activate pm:policies:add pm:policies:change pm:policies:deactivate pm:policies:details:view pm:policies:priorities:update pm:policies:remove pm:policies:update um:admin:users:view um:roles:view um:users:add um:users:count um:users:cred:change um:users:delete um:users:details:view um:users:invite um:users:is-exist um:users:search um:users:update um:users:user-details:view win:conf:manage win:conf:view win:devices:enroll win:ops:disenroll win:ops:location win:ops:lock-devices win:ops:lock-reset win:ops:reboot win:ops:ring win:ops:wipe"
}
}

[3]
[3]

Diff link - https://www.diffchecker.com/Ph86A1ba/


Files

Screenshot from 2024-01-19 10-33-05.png (1.19 MB) Screenshot from 2024-01-19 10-33-05.png [3] Arshana Atapattu, 19/01/2024 05:03 AM
Actions #1

Updated by Navod Zoysa 10 months ago

  • Description updated (diff)
Actions #2

Updated by Navod Zoysa 10 months ago

  • Subject changed from Super admin does not contain some scopes to Roles created/updated on super tenant does not contain some scopes
Actions #3

Updated by Oshani Silva 9 months ago

  • Project changed from product-uem 6.0.0 GA to product-uem 6.1.0 GA
Actions #4

Updated by Arshana Atapattu 9 months ago

  • Parent task set to #10558
Actions #5

Updated by Navod Zoysa 9 months ago

  • Description updated (diff)
Actions

Also available in: Atom PDF