Profile picture for user Leanne Wotton

Hi All, 

Just wondering if anyone has had the same issue before I raise an Empower incident. 

We are having an issue where users are unable to move models to a folder which they have created themselves, even though they have read + write privilege assigned. 

Here are some scenarios:

1. Admin user creates folder - Modeller can move models successfully. 

2. Modeller creates a new folder - they can also create new models & store them successfully 

3. Modeller creates a new folder but is unable to move existing models to this folder. - The same privileges are applied to this new folder - The error message 'You need additional access privileges for this operation' appears.

I have also checked & the same privileges are being applied to all folders, no matter who creates them. So unsure why the above error message is displayed only when a modeller wants to move to a new folder they have created.

Not sure, if this is a bug or if anyone else has come across this issue. Any advice would be appreciated. 

Thanks, 

Leanne

 

 

by Michael Hubbard
Posted on Fri, 06/09/2023 - 17:12

I would ask "what are the privileges on the Folder the Modeller is trying to move the model FROM"? We use  Baseline Folders that the Modellers ONLY have Read access to. They cannot MOVE models from the Baseline Folders, but can Copy and Paste as a "Working Copy" of the model.

Maybe you could provide a print screen of privileges of all the Folders and Modelers involed. That would probably be helpful to try and figure this out.

1
by Martin Schröder
Badge for 'Contributor' achievement
Posted on Mon, 06/12/2023 - 16:59

Hello Leanne,

in order to move a model the user would need the delete privilege on the source group/folder. So behaviours 2. and 3. are consistent with the modeller role having read + write privileges, but not delete.

However 1. seems to break the concept of privilege inheritance: an Admin user with all or more privileges than a modeller creating the target group

  • should not change the behaviour for the modeller
  • would not be able to change the privileges of the modeller role on the source group retrospectively.

This should be reason to raise a problem report with SAG support.

Have you tested the scenario 1. against a read-only user?

Regards, Martin

0
by Leanne Wotton Author
Posted on Tue, 06/13/2023 - 09:24

Hi, 

The users have R+W priviliege. So my expectation is that they should be able to move/edit the folders but not delete them. 

It's strange that it seems that they can move things into the folders already created or create models within a folder & only have R+W privileges - it just seems to be the move function that doesn't work for them.

I will raise as with SAG. 

Thanks, 

Leanne

 

1
by M. Zschuckelt
Posted on Mon, 06/26/2023 - 15:53

You need R+W on the target folder and R+W+D on the source folder. From the perspective of the source folder you are performing a delete operation for the models and objects moving out.

If you could do the move operation without the Delete privilege you could escalate your privileges by moving things to a folder where you have delete privilege and delete the objects there.

Please also check the privileges on the groups that the modellers created. It could be, that the creator of a group individually obtains full RWD privileges for that group, if he did not have any "individual" privileges on the parent group, but only privileges of his user group.

0

Featured achievement

Question Solver
Share your expertise and have your answer accepted as best reply.
Recent Unlocks
  • CR
  • BH
  • Profile picture for user Ivan.Ivanov.softwareag.com
  • Profile picture for user mscheid
  • MS
  • PacMan

Leaderboard

|
icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock