APAR status
Closed as program error.
Error description
Problem Summary: API user can retrieve item they only have user access to Problem Description: API user can retrieve item they only have user On the first retrieval of the item, a user who only has user access to the item can retrieve that item, even though the API access is assumed to be Contributor. One effect of this is that the next time the user retrieves the item, they are denied access. For example: com.ibm.workplace.wcm.api.exceptions.AuthorizationException: IWKPY1015X: Unauthorised access by {PrincipalInformation: {dn: anonymous_user, memberId: anonymous_user_id, displayName: , name: , locale: null, isValidUser: true, isUser: Type: User, isUserLazyLoaded: false}, 1, {false, {userAccess={}}, {editorAccess={}}, {managerAccess={}}, [anonymous_user%anonymous_user_id, all_users%all_users_group_id, anonymous_user%anonymous_user_id]}} - IWKPY1016X: Unauthorised access on en by [anonymous portal user] at com.ibm.workplace.wcm.api.WCM_Workspace.getById(WCM_Workspace.ja va:2206)
Local fix
Set Workspace.useUserAccess
Problem summary
API USER CAN RETRIEVE ITEM THEY ONLY HAVE USER ACCESS TO
Problem conclusion
WCM changed to check access to the item even well pulled directly from JCR.
Temporary fix
Comments
APAR Information
APAR number
PK96509
Reported component name
LOTUS WEB CONT
Reported component ID
5724I2900
Reported release
61B
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-09-17
Closed date
2009-09-18
Last modified date
2009-09-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LOTUS WEB CONT
Fixed component ID
5724I2900
Applicable component levels
R61A PSY
UP
R61B PSY
UP
[{"Business Unit":{"code":"BU051","label":"N\/A"},"Product":{"code":"SUPPORT","label":"IBM Web Content Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.0.2","Line of Business":{"code":"LOB33","label":"N\/A"}}]
Document Information
Modified date:
20 December 2021