Question:

hybris UAC: Employee with user access rights to create Employee cannot create an Employee

汝和裕
2023-03-14

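Hybris: 1905.9 (also tested with 1905.12)

I created a testEmployee Employee with password 1234 using the ImpEx below. I configured testEmployee to have user access rights to create Employee and Customer, and rights to view UserGroup.

Through Backoffice, this testEmployee can create a Customer, but trying to create an Employee results in an error.

What am I missing? Do I need to add UAC permissions to other types as well?

Notes:

  • A testBackofficeAdmin that belongs to the backofficeadmin group cannot create an Employee or a Customer
  • The OOTB admin user can create an Employee
  • An employee that belongs to the executive group can create an Employee

ImpEx: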

$password=1234

INSERT_UPDATE Employee;UID[unique=true];password[default=$password];description;name;groups(uid);loginDisabled;backofficeLoginDisabled
;testEmployee;;description;name;employeegroup;false;false
;testBackofficeAdmin;;description;name;backofficeadmingroup;false;false

$START_USERRIGHTS;;;;;;;;;
Type;UID;MemberOfGroups;Password;Target;read;change;create;remove;change_perm
Employee;testEmployee;employeegroup;$password;;;;;;
;;;;Employee;+;+;+;+;;
;;;;Customer;+;+;+;+;;
;;;;UserGroup;+;-;-;-;;
$END_USERRIGHTS;;;;;


Stack trace:

INFO  [hybrisHTTP17] [fe80:0:0:0:0:0:0:1%1] [ConfigurableFlowController] Object sampleEmployee [sampleEmployee] could not be saved
 com.hybris.cockpitng.dataaccess.facades.object.exceptions.ObjectSavePermissionException: Object sampleEmployee [sampleEmployee] could not be saved
    at com.hybris.cockpitng.dataaccess.facades.object.impl.PermissionAwareObjectFacade.save(PermissionAwareObjectFacade.java:125) ~[cockpit-data-integration-19.05.12-RC5.jar:?]
    at com.hybris.cockpitng.dataaccess.facades.object.impl.DefaultObjectFacade.save(DefaultObjectFacade.java:137) ~[cockpit-data-integration-19.05.12-RC5.jar:?]
    at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.persistWidgetProperty(ConfigurableFlowController.java:1132) [backoffice-widgets-19.05.12-RC5.jar:?]
    at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.persistProperties(ConfigurableFlowController.java:531) [backoffice-widgets-19.05.12-RC5.jar:?]
    at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.doDone(ConfigurableFlowController.java:882) [backoffice-widgets-19.05.12-RC5.jar:?]
    at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.doDone(ConfigurableFlowController.java:869) [backoffice-widgets-19.05.12-RC5.jar:?]
    at com.hybris.cockpitng.widgets.configurableflow.listener.TransitionListener.onEvent(TransitionListener.java:43) [backoffice-widgets-19.05.12-RC5.jar:?]
    at com.hybris.cockpitng.widgets.configurableflow.renderer.ConfigurableFlowRenderer.lambda$createAndAppendButton$13(ConfigurableFlowRenderer.java:1145) [backoffice-widgets-19.05.12-RC5.jar:?]
    at org.zkoss.zk.ui.AbstractComponent.onEvent(AbstractComponent.java:3177) [zk-8.6.0.1.jar:8.6.0.1]
    at org.zkoss.zk.ui.AbstractComponent.service(AbstractComponent.java:3147) [zk-8.6.0.1.jar:8.6.0.1]
    at org.zkoss.zk.ui.AbstractComponent.service(AbstractComponent.java:3089) [zk-8.6.0.1.jar:8.6.0.1]
    at org.zkoss.zk.ui.impl.EventProcessor.process(EventProcessor.java:138) [zk-8.6.0.1.jar:8.6.0.1]
    at org.zkoss.zk.ui.impl.UiEngineImpl.processEvent(UiEngineImpl.java:1846) [zk-8.6.0.1.jar:8.6.0.1]
    at org.zkoss.zk.ui.impl.UiEngineImpl.process(UiEngineImpl.java:1618) [zk-8.6.0.1.jar:8.6.0.1]
    at org.zkoss.zk.ui.impl.UiEngineImpl.execUpdate(UiEngineImpl.java:1321) [zk-8.6.0.1.jar:8.6.0.1]
    at org.zkoss.zk.au.http.DHtmlUpdateServlet.process(DHtmlUpdateServlet.java:611) [zk-8.6.0.1.jar:8.6.0.1]
    at org.zkoss.zk.au.http.DHtmlUpdateServlet.doGet(DHtmlUpdateServlet.java:487) [zk-8.6.0.1.jar:8.6.0.1]
    at org.zkoss.zk.au.http.DHtmlUpdateServlet.doPost(DHtmlUpdateServlet.java:495) [zk-8.6.0.1.jar:8.6.0.1]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) [servlet-api.jar:?]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) [servlet-api.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [catalina.jar:8.5.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.5.50]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:209) [spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
    at com.hybris.backoffice.mobile.filter.BackofficeMobileFilter.doFilter(BackofficeMobileFilter.java:56) [classes/:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
    at de.hybris.platform.servicelayer.web.WebAppMediaFilter.doFilter(WebAppMediaFilter.java:129) [coreserver.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:329) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$StatisticsGatewayFilter.doFilter(AbstractPlatformFilterChain.java:417) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at com.hybris.backoffice.security.BackofficeDynamicCatalogVersionActivationFilter.doFilter(BackofficeDynamicCatalogVersionActivationFilter.java:81) [classes/:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.DataSourceSwitchingFilter.doFilter(DataSourceSwitchingFilter.java:66) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.SessionFilter.doFilter(SessionFilter.java:96) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.session.HybrisSpringSessionFilter.doFilter(HybrisSpringSessionFilter.java:74) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at com.hybris.cockpitng.modules.spring.filter.ExternalModuleContextClassLoaderFilter.doFilter(ExternalModuleContextClassLoaderFilter.java:37) [cockpit-module-aggregator-19.05.12-RC5.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.RedirectWhenSystemIsNotInitializedFilter.doFilter(RedirectWhenSystemIsNotInitializedFilter.java:101) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.TenantActivationFilter.doFilter(TenantActivationFilter.java:83) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.Log4JFilter.doFilter(Log4JFilter.java:44) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at com.hybris.backoffice.filter.responseheaders.BackofficeResponseHeadersFilter.doFilter(BackofficeResponseHeadersFilter.java:31) [classes/:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain.processStandardFilterChain(AbstractPlatformFilterChain.java:207) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain.doFilterInternal(AbstractPlatformFilterChain.java:184) [coreserver.jar:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
    at de.hybris.platform.servicelayer.web.XSSFilter.processPatternsAndDoFilter(XSSFilter.java:358) [coreserver.jar:?]
    at de.hybris.platform.servicelayer.web.XSSFilter.doFilter(XSSFilter.java:306) [coreserver.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [catalina.jar:8.5.50]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.50]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543) [catalina.jar:8.5.50]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [catalina.jar:8.5.50]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [catalina.jar:8.5.50]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.50]
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) [catalina.jar:8.5.50]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [catalina.jar:8.5.50]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609) [tomcat-coyote.jar:8.5.50]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-coyote.jar:8.5.50]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810) [tomcat-coyote.jar:8.5.50]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) [tomcat-coyote.jar:8.5.50]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.50]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.50]
    at java.lang.Thread.run(Thread.java:834) [?:?]

1 answer

冯庆
2023-03-14

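After digging further, the OOTB employeegroup doesn't seem to have permission to create an Employee. In addition, it doesn't have any permission to change the attributes either.

If you create a user group that is a member of employeegroup and explicitly define create access rights for Employee, it still cannot assign groups to the employee.

I think this behavior is expected, and is probably the result of ECP-2722, which prevents an employee from assigning admin rights to themselves.

Workarounds could be:

  • Create the employee through a user that belongs to admingroup
  • Explicitly define write permission on Employee.groups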
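
Added example (not part of the original answer and not SAP's code): a Python script that parses the question's $START_USERRIGHTS block and reports which attribute-level grants, such as the Employee.groups one suggested above, have no explicit "+" row for a principal. It assumes attribute permissions are written as a `Type.attribute` value in the Target column; `parse_userrights` and `missing_attribute_grants` are hypothetical helper names.

```python
# Added example: parse an ImpEx $START_USERRIGHTS block and list explicit grants.
PERMS = ("read", "change", "create", "remove", "change_perm")

# The user-rights block from the question, copied verbatim.
SAMPLE = """\
$START_USERRIGHTS;;;;;;;;;
Type;UID;MemberOfGroups;Password;Target;read;change;create;remove;change_perm
Employee;testEmployee;employeegroup;$password;;;;;;
;;;;Employee;+;+;+;+;;
;;;;Customer;+;+;+;+;;
;;;;UserGroup;+;-;-;-;;
$END_USERRIGHTS;;;;;
"""

def parse_userrights(text):
    """Return {uid: {target: {perm: '+', '-' or ''}}} for each principal."""
    rights, header, uid, inside = {}, None, None, False
    for line in text.splitlines():
        cells = [c.strip() for c in line.split(";")]
        if cells[0] == "$START_USERRIGHTS":
            inside, header = True, None
        elif cells[0] == "$END_USERRIGHTS":
            inside = False
        elif inside and any(cells):
            if header is None:
                header = [c.lower() for c in cells]  # first row names the columns
                continue
            row = dict(zip(header, cells))
            if row.get("uid"):                       # a principal row opens a new section
                uid = row["uid"]
                rights.setdefault(uid, {})
            if row.get("target") and uid:            # permission rows inherit the principal
                rights[uid][row["target"]] = {p: row.get(p, "") for p in PERMS}
    return rights

def missing_attribute_grants(rights, uid, item_type, attrs, perm="change"):
    """Attributes of item_type with no explicit '+' row for uid (assumed Type.attr targets)."""
    targets = {t.lower(): p for t, p in rights.get(uid, {}).items()}
    return [a for a in attrs
            if targets.get(f"{item_type}.{a}".lower(), {}).get(perm) != "+"]

if __name__ == "__main__":
    parsed = parse_userrights(SAMPLE)
    print(parsed["testEmployee"]["Employee"])
    print(missing_attribute_grants(parsed, "testEmployee", "Employee", ["groups"]))
```

Run against the question's block, it reports `groups` as lacking an explicit change grant for testEmployee; the report describes only what the block states, not permissions inherited from employeegroup.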