[OPT-1660] Authorization check can fail if user exist in multiple engines Created: 29/Nov/18  Updated: 18/Apr/19  Resolved: 30/Nov/18

Status: Done
Project: Camunda Optimize
Component/s: backend
Affects Version/s: None
Fix Version/s: 2.3.0

Type: Bug Report Priority: L3 - Default
Reporter: Ragnar Nevries Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: EasyPick
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Title Keywords: authorization permissions


Say you have configured two engines, EA and EB, both using same user base (i.e. LDAP). Further, say AE grants optimize access to U while EB has not grant or a revoke for U.

Expected behaviour:
If U logs in, he will be granted to access optimize.

Current behaviour:
Non-deterministic, since check depends on the order in which engines are checked for authorizations.

Generated at Wed Nov 13 21:59:06 CET 2019 using JIRA 6.4.6#64021-sha1:33e5b454af4594f54560ac233c30a6e00459507e.