[LPE-15282] User permissions are not updated until cache is cleared - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Completed
Affects Version/s: 6.2 EE GA1 (6.2.10), 7.0 DE (7.0.10)
Fix Version/s: 6.2.X EE, 7.0.X EE
Component/s: Application Security > Permissions, Performance > Caching Infrastructure, Security Vulnerability
Labels:

Fix Pack Status:
Scheduled

Description

A user may continue to have access to resources even after their permission has been removed because user permissions are not updated when GroupLocalServiceUtil.deleteRoleGroup(long, long) is called until after the cache is cleared. This issue only affects the portal if GroupLocalServiceUtil.deleteRoleGroup(long, long) is directly called. This issue does not occur if permissions is updated through the portal's UI.

Attachments

Activity

People

Assignee:: Joshua Cords

Reporter:: Michael Bowerman

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/Aug/16 12:07 PM

Updated:: 20/Nov/18 3:35 AM

Resolved:: 10/Sep/18 8:46 AM

Packages

Version	Package
6.2.X EE
7.0.X EE