Restricting Access by Role|ORG not working. V6

Hi all,

I've tried the docs to implement restriction by Role and ORG but failed.



I'm running the paid instance v6.0.1 on AWS. I've tried both [js] and [authz] tags. None is working for me.

<js:authorize ifAllGranted="ROLE_USER|kfc">...</js:authorize>
<authz:authorize ifAllGranted="ROLE_USER|kfc">...</authz:authorize>

However, if I remove the ORG part and only restrict by Role, that works for me.

Is there anything I did wrong or it's a bug?

xin.zhang's picture
Joined: Mar 8 2015 - 6:39pm
Last seen: 8 years 5 months ago

Hi marianol, Thanks for your inputs. I got it there're two types of roles, one global and the other under certain orgs. Now I just tried create a new role under an org and it seems still not working.

Steps to reproduce/verify:

  1. Create an org called "kfc";
  2. Create a role within "kfc" called "ROLE_USER_KFC";
  3. Put some testing html codes in dashboard within the authorize tags 
  4. Login as jasperadmin under kfc;
  5. Still cannot see the testing codes created in step 3;
  6. Now change the above ifAllGranted value to "ROLE_USER" and I can see the testing codes.

The above happens for both js and authz tags. Any thoughts on this?

xin.zhang - 8 years 5 months ago

Let me try to replicate this so i can look into it... it may be a bug.

marianol - 8 years 5 months ago

1 Answer:

I will try to replicate this but a couple of questions to see if the problem is not in the Org/role setup.

Is XYZ the Organization ID or the Organization Name? in the autz: tag you need to use OrganizationID not the name.

Do you have a ROLE_USER created under Organization xyz? Remember that in JRS the Roles can be at the top level or ar the ORG level. The ROLE_USER that is already created by default in the repository is a top level role, not an organization level role.

See the screenshot below  (logged in as superuser)..
You can see there that ROLE_NOUSER is an organzation level role (you can see the organization ID next to it); while ROLE_USER is a top level role ( i.e. no organization ID next to it) intherited by that Org

marianol's picture
Joined: Sep 13 2011 - 8:04am
Last seen: 4 years 11 months ago