After upgrading from DS 6.9 to GSS 3.3 RU4 it was noticed that they could not see all of the jobs they should be able to see when they run the console. While digging in this issue, it was found that if the user closes and opens the GSS Console (Full console, not web console), sometimes multiple times, they will eventually see the jobs. Sometimes it was found that a user will not be able to see jobs after several times opening the console and we will have to reboot the GSS server. It was found that the permissions are not always more restrictive, sometimes they have had users have access to all jobs in the console and even be able to edit the jobs.
Known Issue. This issue can happen when multiple users with different permissions are concurrently using the GSS Console. There is a code that uses 2 different temporary SQL tables and there is no proper code to protect the permissions of different users there, hence there could be a improper entries in the temp tables.
GSS 3.3 RU3, RU4
This issue has been reported to the Symantec Development team. A fix has been added to the next GSS 3.3 release (currently targeted for GSS 3.3 RU5).
There is a workaround for customers in GSS 3.3 RU3 and RU4
See attached SQL drop-in: NEW_sel_event_tree.sql
For workaround installation:
1. If possible, close all GSS consoles
2. Enter into MS SQL Management Studio under owner of our DB
3. Save original version of 'sel_event_tree' stored procedure
4. Execute attached script (NEW_sel_event_tree.sql)
5. restart 'SQL Server' service
To rollback changes - everything is the same, but:
1. revert the original procedure
2. execute: GRANT EXECUTE ON sel_event_tree TO PUBLIC