End users are able to access tickets from other tenants through CA Service Management Mobile Application

Article Id: 127535

Status: Published

Updated On: 25-11-2019 05:41

Products:

CA Service Management - Asset Portfolio Management , CA Service Management - Service Desk Manager

Issue/Introduction:

Important information:

- Multi-Tenant environment.
- Mobile Access enabled.

End users from a specific tenant are being able to access ticket from other tenants. It causes a lot of security concerns, because customers use CA Service Management for different internal customers and related end users.

Environment:

Clarity Service Management 17.1
Clarity Service Management 17.0

Resolution:

When implementing CA Service Management Mobile Application, pay attention to the Access Types and Roles you have configured. When configuring the related Access Types, the field "REST Web Service API Role" manages the security layer for the mobile access. Depending the way you set the role intended to that field, end users will be able to access ticket from other tenants.

Additional Information:

Verify the Prerequisites for CA Service Management Mobile Application
Security and Role Management