Bug #12202
openTask #12195: Permission related issues when creating a limited permission user
Unnecessary configuration API call is sent when try to install a app via app store
100%
Description
Environment details
620 cloud server
Prerequisites
limited permission user
permission list [1]
Steps
create a role with below permission set [1] and assign i to a new user.
Go to app store
select an app
click on "subscribe" button
select install or uninstall
Note: Refer the video [2]
video is attached to the file section of the ticekt.
Description
Upon selecting install or uninstall it shows an error occurred.
The user have a limited set of permissions.
There is a API call sent for configurations.
User does not have permission for this API call. hence it returns 403 and the error [3].
There is no need to send a configuration API call with loading install or uninstall tables( without this api call, the app was installed on device side).
Note: check if this configuration API call is needed elsewhere.
Note: Refer the video [2]
Result
[2] Refer the video
[3]
[1]
{
"roleName":"PRIMARY/limitedPermRole",
"permissions":[
"/permission/admin/device-mgt/device-type/features/view",
"/permission/admin/device-mgt/device-type/config/view",
"/permission/admin/device-mgt/device-type/view",
"/permission/admin/device-mgt/devices/disenroll/android",
"/permission/admin/device-mgt/devices/enroll/android",
"/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device",
"/permission/admin/device-mgt/devices/owning-device/activities/view",
"/permission/admin/device-mgt/devices/owning-device/features/view",
"/permission/admin/device-mgt/devices/owning-device/add",
"/permission/admin/device-mgt/devices/owning-device/operations/view",
"/permission/admin/device-mgt/devices/owning-device/operations/android/file-transfer",
"/permission/admin/device-mgt/devices/owning-device/operations/android/alternate-install",
"/permission/admin/device-mgt/devices/owning-device/operations/android/applications",
"/permission/admin/device-mgt/devices/owning-device/operations/android/location",
"/permission/admin/device-mgt/devices/owning-device/operations/android/info",
"/permission/admin/device-mgt/devices/owning-device/operations/android/install-app",
"/permission/admin/device-mgt/devices/owning-device/details/view",
"/permission/admin/device-mgt/devices/owning-device/view",
"/permission/admin/device-mgt/devices/operations/status-update",
"/permission/admin/device-mgt/admin/device-type/modify",
"/permission/admin/device-mgt/admin/device-type/view",
"/permission/admin/device-mgt/admin/device-type/config",
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/admin/devices/usage/view",
"/permission/admin/device-mgt/admin/devices/permanent-delete",
"/permission/admin/device-mgt/metadata/view",
"/permission/admin/device-mgt/metadata/update",
"/permission/admin/device-mgt/metadata/create",
"/permission/admin/device-mgt/whitelabel/view",
"/permission/admin/app-mgt/life-cycle/application/approve",
"/permission/admin/app-mgt/life-cycle/application/create",
"/permission/admin/app-mgt/life-cycle/application/reject",
"/permission/admin/app-mgt/life-cycle/application/block",
"/permission/admin/app-mgt/life-cycle/application/review",
"/permission/admin/app-mgt/life-cycle/application/retire",
"/permission/admin/app-mgt/life-cycle/application/deprecate",
"/permission/admin/app-mgt/life-cycle/application/publish",
"/permission/admin/app-mgt/store/application/view",
"/permission/admin/app-mgt/store/application/modify",
"/permission/admin/app-mgt/store/subscription/install",
"/permission/admin/app-mgt/store/subscription/uninstall",
"/permission/admin/app-mgt/store/admin/subscription/view",
"/permission/admin/app-mgt/store/admin/subscription/modify",
"/permission/admin/app-mgt/publisher/admin/application/update",
"/permission/admin/app-mgt/publisher/application/view",
"/permission/admin/app-mgt/publisher/application/update",
"/permission/admin/app-mgt/publisher/application/upload"
],
"removedPermissions":[
]
}
Files