000031210 - Admin user with lesser privileges is able to terminate the active user session of a super admin

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000031210
Applies To
Product set: SecurID
Product: RSA Authentication Manager
Product Version: 8.1
OS: SuSE Linux
OS Version: 10
Issue
A user with an admin role that has lesser privileges is able to terminate the active user session of a super admin.
Edit Admin Role > General Permissions > Manage Users: If I select the View option, the Active User Session menu appears with a search option. He can search only the active user sessions and see only his own active session. However, if I enable the Edit option, "Active User Session Termination" is enabled and he can close any active user session, including the active session of a super admin.
Cause
Incorrect permissions are set when the Edit option for "Active User Session Termination" is enabled. This issue is reported in defect AM-29337.
Resolution
This issue has been resolved in patch 7 for Authentication Manager 8.1 SP1. Download patch 7 from RSA SecurCareOnline for AM 8.1 SP1.
Note: If an admin has the permission to "Approve" a request, he can either approve or reject the request.
