Screen permission on product GUI should not be used as a security safeguard for import jobs.

Technote (troubleshooting)


Problem(Abstract)

Screen permission prohibits certain non-administrator users from having access to various attributes on WPC. Customers have reported that, in spite of having screen permission set up for WPC's user interface, these users were able to modify the data in the restricted-access attributes by running an import job that contains values for these attributes.

Cause

Screen permission is only a security feature for the product user interface. It prohibits user access to various fields through the GUI. However, if the user is allowed to have scripting access, which includes import console access (since import is essentially scripting), there is virtually very limited security set against that user. The native WPC import rule provides only ACG access, file format check and import approver (not usually used by WPC clients). Thus, if the user is allowed to have access to this import console (either create or run a new import job), and if he or she has followed all the "rules" (correct ACG group and file format), he or she will have access to all fields of, say, a certain catalog through the import job, since WPC doesn't verify the content of the import being performed. However, when user goes back to the GUI again after finishing the import job, they will still not be able to modify the data through the GUI, although the data showing on GUI at this point has already been altered via the import job.

Resolving the problem

The only way to achieve this type of granular security control is through custom import scripts. Support does not provide this type of service. Please contact your local IBM Professional Service Team for fee-based assistance. Otherwise, not allowing the user to run any import job is the best alternate choice to prevent security breach on WPC.

Cross reference information
Segment Product Component Platform Version Edition
Information Management InfoSphere Master Data Management Server for Product Information Management AIX, Linux, Solaris 6.0, 9.0, 9.1
Information Management InfoSphere Master Data Management Collaboration Server AIX, Linux, Solaris 10.0

Product Alias/Synonym

MDMCS
Infosphere Master Data Management Collaboration Server
WPC
MDMPIM
MDM Server for PIM
WebSphere Product Center
InfoSphere MDM Server for PIM
InfoSphere Master Data Management Server for Product Information Management

Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere Product Center
Import/Export

Software version:

5.3.2

Operating system(s):

AIX, Linux, Solaris

Reference #:

1291906

Modified date:

2012-11-01

Translate my page

Machine Translation

Content navigation