Unable to get review artifacts when logging with a specific user

Hello,

In our project we need to add a review (c_reviewArtifact) to EM and be able to retrieve it for display. We add this artifact successfully with no problem, when retrieving this artifact with the HTTP GET method from this URL

http://c9t21567.itcs.hpecorp.net:8080/em/platform/restSecure/artifact/c_reviewArtifact/<reviewId>?alt=application/atom+xml

where <reviewId> is the Id of the review to be retrieved

 

When retrieving it with my user Private Info Erased, which has the solution owner role, the data of the review is returned successfully, but when trying to retrieve it with another user "Private Info Erased", which is a normal user without solution owner or admin roles, we get this error:

 

"Principal Private Info Erased has no permission to get artifact of uuid bea98634-0f9f-4a3c-804f-db3f53f7d913. Security for non-governed artifacts is defined by domain default access rights. For governed artifacts, security is defined by lifecycle process. User can lose access rights to a governed artifact when it moves to the next lifecycle stage."

The complete stack trace for the error is attached.

So why do we get this error? Is there some missing configuration in EM for this normal user or for the review artifact itself?

 

Thanks,

Hossam.

  • Hi Hossam,
      you just need to correctly specify permissions for this artifact (as mentioned in the error message). Until the second user can see (read) the artifact it won't work for you. It's a basic security restriction on artifacts.

    Hope it helps,
      Petr

  • Hello Petr,

    I tried to specify permissions for artifact 'c_reviewArtifact' by going to my domain in the EM interface, choosing 'Default Access Rights' from the left menu, and in the panel 'Read/Write Access' clicking the button 'Add Read/Write Access rule', which directed me to a new page in which I should choose the artifact type. But I didn't find artifact 'c_reviewArtifact' in the menu, I only found artifacts of type 'Application components', 'Application Collaborations' and things like that. So is this the correct way to set permissions for an artifact, and how do I find the artifact of type c_reviewArtifact to set permissions for it?

  • Yes, this is the correct way to set the permissions for any newly created artifact. Your c_reviewArtifact is the technical name; please look for the Display Name you specified in your extension.

    For already existing artifacts you have to set the permissions on particular artifact instances.

    Last but not least, please ensure the artifact is shared across domains or the other user has access to the domain where artifacts are created.

    Hope it helps,
      Petr

  • Hello,

    Sorry, as I am a newbie in EM. I have found the display name for the c_reviewArtifact object from EM workbench, it's "Implementation and Migration"; I attached a screenshot of it. From the EM interface in domain "topLevelDomain" I have set 'Read' permission to artifact "Implementation and Migration" for all roles and even for group "system#everyone", the other user that has the issue is in role 'catalog User' which is included and applied this rule to all existing artifacts, and still unfortunately I am getting the same error. Also please note that the review artifact I create is in domain "topLevelDomain" and the other user that has the issue is also in domain "topLevelDomain". So is there some missing configuration in EM? Or is something wrong in creating the permission rule?

  • Hi,
      first of all please update your settings so you have at the roles (from any domain) like you can see it at the other artifacts.

    Second, do not forget to check apply on existing artifacts.

    Basically the default role for any regular user is Catalog User, so you can update only this role in order to make it work.

    Hope it helps,
      Petr

  • Hello Petr,

    I always check 'apply for existing artifacts' and ensured that I updated read permission for the 'Catalog User' role, but which settings do you mean to apply to be like other artifacts, and from where in EM do I apply them?

    Also worth mentioning that we have an API 'getReviewArtifacts' which returns review objects given a product Id. It returns all the reviews from all users when I call it using a user that has the solution owner role, but when I call it with the user that has the issue it returns only the reviews that he himself made before.

  • Hi Hossam,
      here are the steps I did in the product in order to make it work:

    1. As admin created a new user - user1 - and gave it catalog user permission in a completely separate domain - DomainA
    2. As admin created an artifact - Artifact1 - in a different domain - DomainB and made another change so it has at least 2 revisions
    3. As admin I changed settings on top-level domain default access rights (see attached screenshot) and applied it on existing artifacts
    4. Logged in as user1 and checked Artifact1 and its revisions and was able to see everything even though the artifact comes from a domain I do not have access to