Authorization issue

Topics: General Topic, MMC SnapIn, NetSqlAzMan Core
Jan 4, 2012 at 9:52 AM

Hello,

I have a strange issue in the NetSqlAzMan SnapIn. I am not sure if it is something I have misunderstood or a bug.

My definitions setup for reproducing the issue:

Role: MyRole
Tasks: MyTask1 and MyTask2
Operations: MyOperation1 and MyOperation2

MyRole has MyTask1 and MyTask2.
MyTask1 has MyOperation1 and MyOperation2.
MyTask2 has MyOperation1 and MyOperation2 (same as MyTask1)

The hierarchy is something like that:

MyRole
--MyTask1
----MyOperation1
----MyOperation2
--MyTask2
----MyOperation1
----MyOperation2

And my authorizations:

User1, either defined in ActiveDirectory or in database.

User1 has an allow authorization on MyRole.
User1 has a deny authorization on MyTask2.

In this setup, I expect User1 to have access to MyTask1 and its operations MyOperation1 and MyOperation2. In reality, User1 has access only to MyTask1 and not to its operations.

Can you tell me if am doing something wrong?

Thanks in advance.

Alexandre

My Setup:

•              NetSqlAzMan version: 3.6.0.10
•              NetSqlAzMan installed products: MMC SnapIn
•              Operating System version and installed languages: Windows 7 Ultimate English
•              Platform: x64
•              SQL Server version: 2008 Standard

Coordinator
Jan 4, 2012 at 10:16 AM

because in case of conflict, "deny" always wins.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Jan 4, 2012 at 11:16 AM

Hello Andrea,

Thank you for your quick reply.

If I have well understood, if I set a deny on a task, the operations that are defined in that task are denied. The others tasks where these operations are defined are also affected and denied. Right?

Regards,

Alexandre

Coordinator
Jan 4, 2012 at 11:35 AM

Exactly.

You got it right.

Andrea.