ROLE_Administrator problems in CE 5.2

[bogartlisa]

I recently upgraded from 5.0 to CE 5.2 and am having a few odd problems surrounding administrative capablitities:

1.)  I am configured for LDAP auth and when I log in with an external LDAP account to which I have perviously assigned the ROLE_ADMINISTRATOR role, I notice that the ROLE_ADMINISTRATOR role is removed from the set of roles assigned to this user (I see that the role is removed in the JIUserRole table) and this user cannot perform the needed administrative functions.  I am forced to perform admin functions with one of the jasperserver internally defined userids which leads me to my next problem.

2.) When I log in as the jasperadmin account that has the ROLE_ADMINISTRATOR role in IE9, I sometimes do not have the Manage or View menu options. Seems to work fine so far in Firefox. I did not notice this issue prior to upgrading to 5.2. Clearing my cache does not seem to resolve the problem.  Sometimes the menu options appear and sometimes they do not.  I have yet to identify why they sometimes display and other times do not.  Thinking this could perhaps be related to sessions on the server???

[elizam]

The rules around manual assignment of internal roles for external users changed from 5.1 to 5.2.

General scenario: You have LDAP, you have a mapping that maps some external role or group in your LDAP to an internal role in JRS, in this case ROLE_ADMINISTRATOR. You can also manually assign ROLE_ADMINISTRATOR to an external user using the JRS interface. What happens if you remove the role in LDAP that maps to ROLE_ADMINISTRATOR in JRS? Or if you assign ROLE_ADMINISTRATOR to an external user that doesn't get it from your LDAP?

5.1 and earlier: The role assigned in JRS wins. So if you get ROLE_ADMINISTRATOR from your LDAP once, it is not removed, even if later you remove the "precursor" in your LDAP.  Also true of manual assignment.

5.2: The role in LDAP wins. So if you remove the "precursor" in LDAP, or if the user never had it, ROLE_ADMINISTRATOR gets removed in JRS. Also true of manual assignment.

This should only apply to roles that are configured in the context file. So one option would be to remove the mapping to ROLE_ADMINISTRATOR from your context file and assign the role manually. It should then stick.

I have no idea where (2) is coming from.  I suggest putting that in the tracker.

[maicotamanho]

Hello,

I had the same problem when upgrading from version 5.1 to 5.2.
Could circumvent the footsteps of the post below:
http://community.jaspersoft.com/wiki/internal-role-mapped-externally-authenticate-active-directory-user-through-ldap-got-deleted