ID: 0951
Title: table servicegroups: fixed service visibility when using group_authorization
AUTH_STRICT
Component: Livestatus
Level: 1
Class: Bug Fix
Version: 1.2.5i5
This only applies with the setting group_authorization = AUTH_STRICT
When an auth user was given the livestatus table servicegroups did not check if the auth
user had permissions to all objects of the servicegroup.
As a result the user was able to view servicegroups, even if he was not a contact for
every object in it.
However, the "forbidden" object itself was not returned, just a subset of the
group.
This was incorrect. The user needs to be contact of every element in this group.
Otherwise he should not see the group at all..
Show replies by date