Impersonation Issue and Elevate roles after commiting large update set with 8000+ updates

Michal Hancar1
Tera Contributor

‎06-27-2018 08:47 AM

Hello,

we were committing couple of update sets which had about 8000+ customer updates in them and we ran in couple of interesting issues. When we tried the similar approach on our personal development instances, it worked for Kingston on Build tag: glide-kingston-10-17-2017__patch6-05-16-2018 - this is the exact same patch and version as our customer.

The weird behaviour is following:

Impersonation:

find_real_file.png

This happens after we click on a user.

Elevated roles:

find_real_file.png

No checkbox is displayed even though we have security_admin role and ACLs are as they should be.

However, we found out that we actually can impersonate other users but in old UI15. The error in the picture above happens only in UI16.

We do not have any customer updates as UI scripts or anything like that.
Any ideas what could cause this?

Thank you,
Michal

Preview file
6 KB
Preview file
9 KB
  • 1,713 Views
5 REPLIES 5

Isaac Swoboda1
Tera Contributor

‎08-16-2018 08:15 PM

Hello Michal,

 

Were you able to solve this? I am having the same issue. 

 

Thanks,

Isaac

0 Helpfuls

Michal Hancar1
Tera Contributor
In response to Isaac Swoboda1

‎08-21-2018 07:16 AM

Hello iswoboda,
 
we solved this but with assistance from ServiceNow. I was not involved in the resolution of this issue but my collegue who was present during the next deployment mentioned that ServceNow employees imported some XML file and suddenly all was well and working.
 
Note: this issue has nothing to do with PRB1156612, the issue we encountered is completely different.
 
Kind regards,
Michal

Isaac Swoboda1
Tera Contributor
In response to Michal Hancar1

‎08-21-2018 07:49 AM

Thank you Michal, I will reach out to HI for the fix. 

0 Helpfuls

sachin_namjoshi
Kilo Patron
Kilo Patron

‎08-16-2018 08:21 PM

This is an known issue and it's reported with PRB1156612.

 

Following is the workaround solution

Official Response from HI for PRB1156612:

 

 

 

"To workaround this issue customers can configure the out of box READ ACL on sys_user.locked_out field by giving this ACL the ITIL role. Basically, this ACL needs to pass for the user trying to impersonate other users.

 

 

 

  Depending on the customer's needs, other option is to allow this ACL to pass for any role/user, by removing the existing roles on the ACL. "

 

Regards,

Sachin

0 Helpfuls