Runbooks and Folders in the Orchestrator Console are available to users without proper rights

Article ID: 2805867 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Under certain circumstances, users accounts may be able to see content that they should not have access to based on permissions defined within the Runbook Designer when that content is provided via the Web Service.

Cause

When a limited access user logs in via the web console, they can gain the same group token that was created for a previously logged in user if they have common group memberships as another user that logged in. 

Resolution

A supported hotfix is now available from Microsoft. However, it is intended to correct only the problem that this article describes. Apply it only to systems that are experiencing this specific problem.

To resolve this problem, contact Microsoft Customer Support Services to obtain the hotfix. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft Web site: http://support.microsoft.com/contactus/?ws=support

More information

Example:

User A does not have rights to certain Runbooks, while User B does. When User A logs into the Orchestrator Console before User B does, he sees only the root folder as expected. The subfolder is not visible. User B then logs into an Orchestrator Console - on a different computer or the same computer. User B can see the subfolder, as expected. User A then refreshes their console - they can now see both the root AND the subfolder, which they should have not permission to see.
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2805867 - Last Review: March 19, 2013 - Revision: 2.2
Applies to
  • Microsoft System Center 2012 Orchestrator
  • Microsoft System Center 2012 Orchestrator Service Pack 1
Keywords: 
KB2805867

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com