Bug ID 799005: A RADIUS user no longer automatically becomes a member of a previously created RADIUS user group

Last Modified: Nov 17, 2020

Bug Tracker

Affected Product:  See more info
BIG-IQ Platform(all modules)

Known Affected Versions:
5.4.0, 5.4.0 HF1, 5.4.0 HF2, 6.0.1, 6.0.1.1, 6.0.1.2, 6.1.0, 7.0.0, 7.0.0.1, 7.1.0, 7.1.0.1, 7.1.0.2

Opened: Jun 26, 2019
Severity: 3-Major

Symptoms

Prior to BIG-IQ version 8.0.0, all RADIUS users were automatically members of a BIG-IQ RADIUS user group with no authorization attributes.

Impact

Beginning with BIG-IQ version 8.0.0, a newly created RADIUS user group must have at least one authorization attribute. Only users having all the group's authorization attributes will be members of the group. After you upgrade to BIG-IQ 8.0.0 or later, any existing RADIUS user groups without any authorization attributes will contain no members. They will therefore serve no purpose. All existing RADIUS users will have no authorization to access BIG-IQ functionality through the default membership in a group.

Conditions

Create a RADIUS authentication provider and a RADIUS user group with no authorization attributes.

Workaround

Create a user group with the necessary authorization attributes to provide users with permissions granted by the roles the group is in. A user associated with the Administrator role can make these changes to the RADIUS authentication provider (user groups).

Fix Information

None

Behavior Change

Prior to BIG-IQ version 8.0.0, all RADIUS users were automatically members of a RADIUS user group with no authorization attributes. Beginning with BIG-IQ version 8.0.0, a newly created RADIUS user group must have at least one authorization attribute. Only users having all the group's authorization attributes will be members of the group. After you upgrade to BIG-IQ 8.0.0 or later, any existing RADIUS user groups without any authorization attributes will contain no members. They will therefore serve no purpose. All existing RADIUS users will have no authorization to access BIG-IQ functionality through the default membership in a group.