We use cookies to ensure that we give you the best experience on our website.  Visit our Privacy Policy to learn more. If you continue to use this site, we will assume that you are okay with it.

Your choices regarding cookies on this site.
Your preferences have been updated.
In order for the changes to take effect completely please clear your browser cookies and cache. Then reload the page.

Werk #6551: Fixed missing permission checking during 'Discard changes'

TitleFixed missing permission checking during "Discard changes"
Date2018-09-06 14:44:18
Checkmk EditionCheckmk Raw Edition (CRE)
Checkmk Version1.4.0p36,1.6.0b1,1.5.0p4
LevelProminent Change
ClassBug Fix
CompatibilityCompatible - no manual interaction needed

Users with reduced privileges that have access to WATO e.g. for managing their own hosts in specific folders have access to the "Activate changes" page for activating their config changes. On that page there is a button "discard changes" which can be used to undo the configuration changes that have been made since the last activation.

A limitation of this feature is that it can only revert the whole configuration at all, not only the configuration made by this user. A permitted user would discard all changes, even the ones made by others in the moment he clicks on discard changes.

The activation mechanism is aware of the situation where others have made changes. Users that are not permitted to activate foreign changes are not able to activate their changes in this situation and get a warning message about this.

However, the discard changes action was missing such a check which allowed those users to discard the changes of others while they should not be allowed to do so.

The discard changes action is now using the same logic as the activate changes action for checking whether or not a user is allowed to do this.