• Type: Bug Fix Bug Fix
    • Status: Open Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
    • Similar issues:
      KULRICE-4852Kim Role search returns roles for "member" (group and principals) that are inactive
      KULRICE-11714KIM Performance: check whether role members need to be sorted
      KULRICE-4218Handle Groups and Roles without members
      KULRICE-14235KIM Role: Delegate issues once the member is inactivated
      KULRICE-4215Need a member "Inactivate" button that will automatically inactivate group/role/etc members
      KULRICE-7082KIM role document not handling missing qualifiers on role members
      KULRICE-13968Reopening or reloading a role document can cause unmodified members to disappear
      KULRICE-12523People Flow: Group and Role Member not displayed on confirmation & DocSearch views
      KULRICE-8256KIM Role Document: stack trace when clicking to sort role members on
      KULRICE-8267Inefficiencies in persisting role members in the IdentityManagementRoleDocument (4062)
    • Rice Module:
    • Application Requirement:
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:


      Fetching role members for roles is not checking whether member is listed in applicable group associated with a role.

      This issue is related to the linked JIRA in KC where creating and assigning a new Group to a role adds unauthorized Unit options for other users.

      protected List<RoleMemberBo> getRoleMembersForRoleIdsWithFilters(Collection<String> roleIds,
      String principalId, Collection<String> groupIds, Map<String, String> qualification)

      We might have to check whether passed in principal is member of group associated?

      Adding additional criteria below helped during debug.

      if ( StringUtils.isNotBlank(principalId) )

      { groupPredicates.add(PredicateFactory.equal(KIMPropertyConstants.GroupMember.MEMBER_ID, principalId)); }


        Douglas Pace added a comment -

        See this PR for a summary of the changes we've made to fix this.

        Douglas Pace added a comment - See this PR for a summary of the changes we've made to fix this.


          • Assignee:
            Rajeev Mancheril (Inactive)
          • Votes:
            0 Vote for this issue
            2 Start watching this issue


            • Created:

              Structure Helper Panel