Read-only users can replace agents using Admin perspective

book

Article ID: 209397

calendar_today

Updated On:

Products

CA Automic One Automation

Issue/Introduction

A user who has only read access in the authorizations tab of the user object definition, but who has the privilege to view the Administration Perspective is able to go to the Administration perspective and right-click an agent and replace that agent in jobs.

Steps to reproduce:
 1) Create a user with Authorization set to Read only for all objects and with all privileges checked
 2) Create a JOB with a non-read-only user and assign an agent
   3) Log in as read-only user from step 1
   4) Go to Administration perspective and to Agents & Groups
   5) Right-click the agent from step 2 above and choose "Replace"
   6) Replace with any agent on any or all objects in the popup
   
   Expected behavior: there should be an error stating that writing to the objects in step 5 is not allowed due to not having Write access

   Actual behavior: Agent is replaced in objects from step 5 above

Cause

Defect

Environment

Release : 12.3

Component : AUTOMATION ENGINE

Resolution

This will be fixed in a future release.

Workaround:

Remove the "Access to Administration" privilege from the user