ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Whenever an user open the GSS console they are seeing different permission each time.

book

Article ID: 200402

calendar_today

Updated On:

Products

Ghost Solution Suite

Issue/Introduction

After upgrading from DS 6.9 to GSS 3.3 RU4 it was noticed that they could not see all of the jobs they should be able to see when they run the console.  While digging in this issue, it was found that if the user closes and opens the GSS Console (Full console, not web console), sometimes multiple times, they will eventually see the jobs.  Sometimes it was found that a user will not be able to see jobs after several times opening the console and we will have to reboot the GSS server.  It was found that the permissions are not always more restrictive, sometimes they have had users have access to all jobs in the console and even be able to edit the jobs. 

Cause

Known Issue. This issue can happen when multiple users with different permissions are concurrently using the GSS Console. There is a code that uses 2 different temporary SQL tables and there is no proper code to protect the permissions of different users there, hence there could be a improper entries in the temp tables.

Environment

GSS 3.3 RU3, RU4

Resolution

This issue has been reported to the Symantec Development team. A fix has been added to the next GSS 3.3 release (currently targeted for GSS 3.3 RU5).

There is a workaround for customers in GSS 3.3 RU3 and RU4

See attached SQL drop-in: NEW_sel_event_tree.sql

For workaround installation:
1. If possible, close all GSS consoles
2. Enter into MS SQL Management Studio under owner of our DB
3. Save original version of 'sel_event_tree' stored procedure
4. Execute attached script (NEW_sel_event_tree.sql)
5. restart 'SQL Server' service

To rollback changes - everything is the same, but:
1. revert the original procedure
2. execute: GRANT EXECUTE ON sel_event_tree TO PUBLIC

Attachments

1601317639262__NEW_sel_event_tree.sql get_app