Bug ID 894077: User can deploy an application using a template to which you did not explicitly specify permissions.

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IQ Applications(all modules)

Opened: Mar 30, 2020
Severity: 3-Major

Symptoms

When you assign a user to an Application Creator role, you specify the templates they can use to deploy applications. The user cannot deploy an application using templates to which you didn't assign access. When you want to allow a user to revise a deployed application, you assign that user to the custom Application Manager role for that application. When you assign that role, BIG-IQ gives that user permissions to the template that was used to deploy the application.

Impact

The user can create applications using templates that would were not assigned by the Application Creator role.

Conditions

The issue arises when you assign a user to both an Application Creator role and an Application Manager role. When you do that, the user will be able to deploy applications using not only the templates that you specified for the Application Creator role, but also, using the template that was used to deploy the application for which you assigned the Application Manager role.

Workaround

Their are two options: 1. Only allow users to only manage applications that they create. 2. Do not assign a user to both Application Manager and Application Creator roles. Note: When an Application Creator creates an application, BIG-IQ creates a custom Application Manager role for that Application and assigns the application creator to that role.

Fix Information

None

Behavior Change