Fortify SSC authentication through LDAP not recognizing appropriate permissions

Hello everyone,

Our system has a Fortify SSC authentication scheme which is directly tied to our LDAP group authentication scheme. In the roles in Fortify, we have set up some user-defined roles. These user-defined roles map to specific LDAP groups. The system-defined roles also map to some groups.

The error which repeatedly occurs is that when people with the user-defined roles try to view the scan errors (the error number on the artifact which is encircled in red and pulls up a list of error locations when you click on it) on an application FPR, it says that the user does not have the "Generate Reports" and/or "View Application Scans" permissions enabled. However, I have double- and triple-checked the LDAP group associated with this role and the role permissions themselves. The role permissions include "Generate Reports" and "View Application Scans". Therefore, the user who is in this LDAP group should have these permissions and be able to see the scan errors.

Furthermore, I have noticed that this is not a problem with the "system-defined" roles. 

My questions are as follows:

1. Are there any permissions that could override these specific permissions?

2. Is there a setting that is specific to user-defined roles that I may be missing?

The resolution I am looking for is to simply ensure those roles that have the permissions to view scan errors are allowed to do so. 

Thank you!

  • Hi, 

     It would also be helpful to get a list of all the permissions associated with the role you created, and also whether universal access is checked off or not. We can attempt to recreate the role here; if not, I would follow Kruthi's advice and get a ticket open with the logs. I also very much doubt this has anything to do with LDAP.