Werk #951: table servicegroups: fixed service visibility when using group_authorization AUTH_STRICT

Component

Livestatus

Title

table servicegroups: fixed service visibility when using group_authorization AUTH_STRICT

Date

Jul 10, 2014

Level

Trivial Change

Class

Bug Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

1.2.5i5 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.2.5i5 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.2.5i5 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.2.5i5 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.2.5i5 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.2.5i5 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.2.5i5 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.2.5i5 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.2.5i5	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

This only applies with the setting group_authorization = AUTH_STRICT

When an auth user was given the livestatus table servicegroups did not check if the auth user had permissions to all objects of the servicegroup. As a result the user was able to view servicegroups, even if he was not a contact for every object in it. However, the "forbidden" object itself was not returned, just a subset of the group. This was incorrect. The user needs to be contact of every element in this group. Otherwise he should not see the group at all..

To the list of all Werks