Last Modified: Apr 10, 2019
See more info
Known Affected Versions:
5.4.0, 5.4.0 HF1, 5.4.0 HF2
Opened: Nov 15, 2017
A custom role in relaxed mode that contains Address List resources grants read permissions to both Network Security, Local Traffic and Network services.
Users will have read permissions for all objects in the Network Security, Shared Security, Local Traffic and Network services areas regardless of the role intent to use only the Network Security or Network version of the Address Lists. This may be an unexpected and undesired consequence of having Address Lists reside in both the Network Security and Network service areas.
A user is assigned a role that is in relaxed mode and contains the Address List resource in it's associated resource group.
A workaround is available that requires the Address List resources be contained in a strict role and that role associated with the user along with another relaxed role that does not explicitly contain the Address List resources.