Problem Note 64159: The monitor.incidentComponentSecurity.ignored property in SAS® Enterprise GRC might not work as expected
When you specify the following configuration property, SAS Enterprise GRC might enable a user with a lower security clearance to see an incident with a higher security classification:
monitor.incidentComponentSecurity.ignored = true
However, the web application might return an HTTP 500 error when the user tries to edit an incident with a higher security classification.
Below is an example of how to replicate this problem:
- In configdata.properties, set monitor.incidentComponentSecurity.ignored = true.
- Set the security clearance for the user X, such as "Available only to Senior Managers in Business Units."
- Log on as an administrator, and create an event that has higher security clearance, such as "Available only to Senior Managers in Head Quarters."
- Log on as user X, and try to edit the event. You see an HTTP 500 error.
Click the Hot Fix tab in this note to access the hot fix for this issue.
When you specify monitor.incidentComponentSecurity.ignored = true, you can prevent a user with a lower security clearance from seeing incidents containing a higher security classification by specifying the following new configuration property:
monitor.incidentQuery.confidentialityLevelEnabled = true
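A check an administrator could run against configdata.properties to spot the property combination this note describes, as an added example that is not SAS code. The status labels, the simplified parser, and the treatment of an absent property as false are assumptions.

```python
import re

IGNORED = "monitor.incidentComponentSecurity.ignored"
LEVEL_FILTER = "monitor.incidentQuery.confidentialityLevelEnabled"

def parse_properties(text):
    """Simplified .properties parser: skips comments, accepts '=', ':' or
    whitespace separators, later duplicates override earlier ones.
    Line continuations and escapes are not handled (assumption: not used)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def is_true(props, key):
    # Assumption: an absent property behaves as false.
    return props.get(key, "false").lower() == "true"

def audit(text):
    """Return 'not-applicable', 'mitigated' or 'exposed' (labels are ours)."""
    props = parse_properties(text)
    if not is_true(props, IGNORED):
        return "not-applicable"
    return "mitigated" if is_true(props, LEVEL_FILTER) else "exposed"

# Constructed sample files, not taken from a real deployment.
EXPOSED = "# constructed\nmonitor.incidentComponentSecurity.ignored = true\n"
MITIGATED = EXPOSED + "monitor.incidentQuery.confidentialityLevelEnabled = true\n"
# A later duplicate silently switches the filter back off.
OVERRIDDEN = MITIGATED + "monitor.incidentQuery.confidentialityLevelEnabled=false\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(sys.argv[1], audit(fh.read()))
    else:
        for name, sample in [("exposed", EXPOSED), ("mitigated", MITIGATED),
                             ("overridden", OVERRIDDEN)]:
            print(name, "->", audit(sample))
```

The script reads the file only; it cannot confirm that the hot fix is applied.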
Operating System and Release Information
SAS System | SAS Enterprise GRC | Solaris for x64 | 6.1 | | 9.4 TS1M2 | |
Linux for x64 | 6.1 | | 9.4 TS1M2 | |
HP-UX IPF | 6.1 | | 9.4 TS1M2 | |
64-bit Enabled Solaris | 6.1 | | 9.4 TS1M2 | |
64-bit Enabled AIX | 6.1 | | 9.4 TS1M2 | |
Windows 7 Ultimate x64 | 6.1 | | 9.4 TS1M2 | |
Windows 7 Ultimate 32 bit | 6.1 | | 9.4 TS1M2 | |
Windows 7 Professional x64 | 6.1 | | 9.4 TS1M2 | |
Windows 7 Professional 32 bit | 6.1 | | 9.4 TS1M2 | |
Windows 7 Home Premium x64 | 6.1 | | 9.4 TS1M2 | |
Windows 7 Home Premium 32 bit | 6.1 | | 9.4 TS1M2 | |
Windows 7 Enterprise x64 | 6.1 | | 9.4 TS1M2 | |
Windows 7 Enterprise 32 bit | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows Server 2012 Std | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows Server 2012 R2 Std | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows Server 2012 R2 Datacenter | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows Server 2012 Datacenter | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows Server 2008 for x64 | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows Server 2008 R2 | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows Server 2008 | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows 10 | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows 8.1 Pro x64 | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows 8.1 Pro 32-bit | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows 8.1 Enterprise x64 | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows 8.1 Enterprise 32-bit | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows 8 Pro x64 | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows 8 Pro 32-bit | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows 8 Enterprise x64 | 6.1 | | 9.4 TS1M2 | |
Microsoft Windows 8 Enterprise 32-bit | 6.1 | | 9.4 TS1M2 | |
Microsoft® Windows® for x64 | 6.1 | | 9.4 TS1M2 | |
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.
When users have different security clearance levels, you might see unexpected behavior when monitor.incidentComponentSecurity.ignored = true in the configdata.properties file.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2020-01-10 14:50:00 |
Date Created: | 2019-05-06 04:17:19 |