Jump to content

Urgent: Defect with CI permissions

Dan Munns

Recommended Posts

Hi all, 

Since the update yesterday the way CI permissions are dealt with has changed. Allow used to take precedence (and I raised an issue around this previously) but now Deny seems to take precedence which means that many of our CIs are now not visible to anyone. 

I have a team with all our staff in so that we can make use of the visibility functionality. This team is allowed on most of the CIs, but CIs which are only for certain teams have All Staff set to deny. The team is then set to allow and this has worked fine until yesterday. Now the only way I can make the CIs visible is to set the All Staff list to allow which I cant do as it will show all CIs which we dont want. 

Can this be looked at and fixed as a matter of urgency please?

@Victor @Steven Boardman @Ehsan

Link to comment
Share on other sites

Hi @Dan Munns, just had a look at it using the current build and it appears to be working as designed. If you a user is explicitly assigned to the Service and then excluded from the CI then that trumps all other configuration for that user, but this is by design.

Have you enabled the new setting com.hornbill.servicemanager.services.subscriptions.allowSubgroupsInclusion which takes it further by including hierarchy in it's decision and that could be the reason for the change in behaviour you're seeing?

Link to comment
Share on other sites

@Chaz I havent changed any settings. I performed the update last night (this morning maybe 0100 ish) and when I came in this morning was told a number of CIs had disappeared.

The defect was reported by myself in Nov, and accepted as a defect so I don't know what has changed since then. 

We have now built a number of services which rely on this functionality working the way it did in Nov after the fix was released. 



Link to comment
Share on other sites

@Dan Munns the scenario we found and deployed a fix for was this:

  • Multiple teams support a Service and are included as subscribers to the catalog
  • When configuring the catalog's visibility, exclude the first team in the list from being able to see it (any others wouldn't be considered because the first already granted visibility)

Is you configuration different from this? As you have a success plan, it may be worth raising a support request for this issue.

Link to comment
Share on other sites

@Chaz I have raised an incident ticket already. 

My issue is this: 


On the service that this CI resides in I have two lists; All Staff and the team. 

The All Staff list is excluded from this CI but can use all other CIs within the service. The team can use this and all other CIs within the service. 

This used to work fine until today. 

Now, because the users in the team are also within the All Staff list, they are denied access to the CI. 

This has impacted almost all of our services and as such has generated a large number of calls. 

If possible can you roll back the update on my instance until this has been resolved?

Link to comment
Share on other sites

Managed to resolve this after reaching out to Dan, we'll have something ready early next week in the App Store as a permanent fix.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...