Unable to download an attached file prior to saving the ticket
Article ID: 106057
Updated On:
Products
SUPPORT AUTOMATION- SERVER
CA Service Desk Manager - Unified Self Service
CA Service Desk Manager
CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager
Issue/Introduction
After upgrading Service Desk from 14.1.03 to 17.1, end users started experiecing an issue when downloading attachments prior saving an incident, problem, issue, change order or configuration item.
The error message bellow appears in stdlog:
rep_daemon 6148 ERROR DomWrap.c 894 Access to BOP Name: 'Attachment id:643507' denied for user: 'end.user' Class:'CDownloadFile'
The error message bellow appears in stdlog:
rep_daemon 6148 ERROR DomWrap.c 894 Access to BOP Name: 'Attachment id:643507' denied for user: 'end.user' Class:'CDownloadFile'
Environment
Service Desk 17.1
Service Desk 17.0
Service Desk 14.1 (since CF4)
Service Desk 17.0
Service Desk 14.1 (since CF4)
Cause
Starting with 14.1.04 the access to the parent object of the attachment when a download is attempted is being enforced. Since the ticket is not saved there is no valid pared so the user is blocked from downloading the attachment. This change was added in CF4, where the somebody was able to get a valid bopsid and send requests to SDM and download attachments attached to documents that the user didn't have access to. The solution for the mentioned security issue was to ensure that the user has access to the ticket that the attachment belongs to before allowing the attachment to be server.
Resolution
Save the ticket and download the attachment.
Feedback
Yes
No
Powered by
