partofaplan85 Contributor.

Fortify SSC authentication through LDAP not recognizing appropriate permissions

Hello everyone,

Our system has a Fortify SSC authentication scheme which is directly tied to our LDAP group authentication scheme. In the roles in Fortify, we have set up some user-defined roles. These user-defined roles map to specific LDAP groups. The system-defined roles also map to some groups.

The error which repeatedly occurs is that when people with the user-defined roles try to view the scan errors (the error number on the artifact which is encircled in red and pulls up a list of error locations when you click on it) on an application FPR, it says that the user does not have the "Generate Reports" and/or "View Application Scans" permissions enabled. However, I have double and triple-checked the LDAP group associated with this role and the role permissions themselves. The role permissions include "Generate Reports" and "View Application Scans". Therefore, the user who is in this LDAP group should have these permissions and be able to see the scan errors.

Furthermore, I have noticed that this is not a problem with the "system-defined" roles. 

My questions are as follows:

1. Are there any permissions that could override these specific permissions?

2. Is there a setting that is specific to user-defined roles that I may be missing?

The resolution I am looking for is to simply ensure those roles that have the permissions to view scan errors are allowed to do so. 

Thank you!

Micro Focus Frequent Contributor

Re: Fortify SSC authentication through LDAP not recognizing appropriate permissions

Hello,

Which version of SSC are you using? I tried creating user-defined roles in 17.2 with "View Application Versions" and "Generate report" and I was able to view issues as well as generate a report logged in as the user who is only part of that role.

I don't see the "view application scan" permission as you stated in SSC.

Thanks

partofaplan85 Contributor.

Re: Fortify SSC authentication through LDAP not recognizing appropriate permissions

Thanks for responding. You're correct. It is "View Application Versions". The Fortify version I am having this problem on is Fortify 17.10. The "Access denied" message remains even if I add those permissions to a role.

Micro Focus Frequent Contributor

Re: Fortify SSC authentication through LDAP not recognizing appropriate permissions

I would suggest opening a support ticket, as it requires more investigation (looking at logs) into why you are getting access denied. Are those users part of any other role that could be overriding the permissions?

Thanks

partofaplan85 Contributor.

Re: Fortify SSC authentication through LDAP not recognizing appropriate permissions

Each group is only tied to one role, so it looks like there aren't any overriding roles that are overriding the permissions.

mlacasse Super Contributor.

Re: Fortify SSC authentication through LDAP not recognizing appropriate permissions

Hi,

It would also be helpful to get a list of all the permissions associated with the role you created, and whether universal access is checked off or not. We can attempt to recreate the role here; if not, I would follow Kruthi's advice and get a ticket open with the logs. I also very much doubt this has anything to do with LDAP.

-mark

 
