Micro Focus Expert
Micro Focus Expert
413 views

GW Access Control List Question

Good afternoon,
 
I had a question from my customer regarding an Distribution List that has an ACL on it, and the fact that a user can message that Distribution list. The only potential hook is that the user in question has proxy rights to resources that are in the ACL.
 
Here's the full description:
 
UserA, sends a message to the Distribution List, SiteName_Everyone , the Everyone List has an ACL on it, which should be restricting UserA, however; UserA has Proxy Rights to Resources that are in the ACL.
 
This is GW 2014, is this expected behavior, or is this a Bug/Issue?
 
Thank you, if more information is needed/requested please let me know.
 
-Daniel
Labels (1)
0 Likes
6 Replies
Micro Focus Expert
Micro Focus Expert

Daniel,

I don't have a GW 14 system currently running but I did just run a quick test with the 18.3 beta.

1. Created a GW group with all PO users in it. 

2. Created the ACL with just two users given rights, userA , and userB

3. Created a new resource and assigned userC as the owner of the resource.

4. Logged in as userC and tried to send a message to the restricted group.  

Results: A message shows up telling me the group is restricted and I can't use it.

So it looks like the ACL restriction is in effect even if the sender owns a resource that is a member of the group.   If GW 14.x behaves differently then I think it probably was a bug that has been corrected.

 

Bert

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

I did not know this side effect. However it sounds interesting and I will play around with it. I am not sure if I should call it feature or bug 🤣

I assume that you meant ACL for a distribution list, not the part Bert is trying.

 

Diethmar Rimser
This community is more powerful if you use Likes and Solutions
0 Likes
Micro Focus Expert
Micro Focus Expert

Good morning 

 

Correct the ACL for the distribution list. Trying to confirm that the user in question, UserA, was attempting to send the message, and not the proxy resource that he has access too. 

 

Thank you, 

-Daniel 

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

No, this "feature" did not happen to me. However I play around with GW18.3

UserA is owner of ResA,
UserB is owner of ResB, UserA does not have any access control for ResB.

There is a distribution list DisA, which contains UserA, UserB, ResA and ResB. UserA is allowed to use this DisA. But nothing changed in my system - UserA is not able to proxy to ResB.

Now I have enhanced the rights. UserA is allowed to change DisA. But UserA is not able to proxy to ResB.

Is this the case you want to find out, @dschaldenovell ?

Diethmar Rimser
This community is more powerful if you use Likes and Solutions
0 Likes
Micro Focus Expert
Micro Focus Expert

Good day, 

 

Okay having just spoken with the customer, we're going to proceed in one of three ways:

1.) Remove UserA from the Resources and see if the ACL for the Dist List is effective

2.) Create a new Dist List, with similar ACL, and test to see if the UserA is unable/able to send to that Dist List. 

3.) See if the above work arounds can be used for the time being, and attempt to bring the customer too GroupWise 2018-1.1(They are currently GW 2014)  which is still supported on OES 2015 Sp1. 

 

Thank you, 

 

-Daniel 

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

I assume that you checked the resource if ACL for general access is not enabled 😉

Diethmar Rimser
This community is more powerful if you use Likes and Solutions
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.