IBM Support

PK96509: PROBLEM SUMMARY: API USER CAN RETRIEVE ITEM THEY ONLY HAVE USER ACCESS TO

 

APAR status

  • Closed as program error.

Error description

  • Problem Summary: API user can retrieve item they only have user access to
    
    Problem Description:
    API user can retrieve item they only have user
    
    On the first retrieval of the item, a user who only has user access to the item can retrieve that item, even though the API access is assumed to be Contributor.
    
    One effect of this is that the next time the user retrieves the item, they are denied access.
    
    For example:
    com.ibm.workplace.wcm.api.exceptions.AuthorizationException: IWKPY1015X: Unauthorised access by {PrincipalInformation: {dn: anonymous_user, memberId: anonymous_user_id, displayName: , name: , locale: null, isValidUser: true, isUser: Type: User, isUserLazyLoaded: false}, 1, {false, {userAccess={}}, {editorAccess={}}, {managerAccess={}}, [anonymous_user%anonymous_user_id, all_users%all_users_group_id, anonymous_user%anonymous_user_id]}} - IWKPY1016X: Unauthorised access on en by [anonymous portal user]
           at com.ibm.workplace.wcm.api.WCM_Workspace.getById(WCM_Workspace.java:2206)
    

Local fix

  • Set Workspace.useUserAccess
    

Problem summary

  • API USER CAN RETRIEVE ITEM THEY ONLY HAVE USER ACCESS TO
    

Problem conclusion

  • WCM was changed to check access to the item even when it is pulled
    directly from JCR.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK96509

  • Reported component name

    LOTUS WEB CONT

  • Reported component ID

    5724I2900

  • Reported release

    61B

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-09-17

  • Closed date

    2009-09-18

  • Last modified date

    2009-09-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LOTUS WEB CONT

  • Fixed component ID

    5724I2900

Applicable component levels

  • R61A PSY

       UP

  • R61B PSY

       UP

Product: IBM Web Content Manager
Platform: Platform Independent
Version: 6.1.0.2

Document Information

Modified date:
20 December 2021