Showing results for 
Search instead for 
Do you mean 
Community Home Request Access Read Blogs Share Your Ideas Search Community View My Settings
Reply
Copper Elite Contributor
Posts: 40
Registered: ‎03-31-2010

Incorrect Security access for new users created via Web Administrator

We had a scenario where a new user created in the Web Administrator was getting access to records owned by Teams the user was not a part of.  It turned out that the new user had many additional (wrong) secrights records.  Not sure if they were copied from the template or existing user but here's how we were able to resolve:

 

SLX27 was the user created in Web Administrator. 

slx27b was created in Lan Administrator.

 

 

delete 
--select sr.* 
from secrights sr
where sr.accessid in (select ui.userid from userinfo ui where upper(ui.username) like 'SLX 27')
  and sr.seccodeid not in (select goodsr.seccodeid from secrights goodsr, userinfo goodui where goodsr.accessid = goodui.userid and goodui.username like 'slx27b' )
  and sr.seccodeid not in (select us.defaultseccodeid from usersecurity us where us.userid = sr.accessid);

 

 After we deleted the extraneous secrights records access was restored to what it should be.

 

Obviously the normal caveats apply to any sql statement with the word DELETE in it.

 

James.

 

James Sutton
Copper Contributor
Posts: 12
Registered: ‎04-01-2009

Re: Incorrect Security access for new users created via Web Administrator

What version of SLX?

 

I know this was a defect I have seen before and it was fixed after a hotfix.

Highlighted
Copper Elite Contributor
Posts: 40
Registered: ‎03-31-2010

Re: Incorrect Security access for new users created via Web Administrator

8.1 webcore 3
James Sutton