Question

Role Permission allowed an unauthorized action


Userlevel 2
Badge +6

We have certain users who are wanting to be able to create reports for their clients being backed up inside of Commvault. We are wanting to only allow them to view their client(s), libraries, and jobs without the capability of adding/remove/editing/creating. The Only thing we we want them to add/edit are reports that they can create for their environment and that's it. 

Somehow back in May they were able to stop one of their jobs due to it causing a connection issue to the client causing a network traffic. this was an illegal operation which they performed, and my managment was not happy. I have attached their role profile. I am confused as to how they were able to perform this action based on the role settings. Any help as to get to the reult of what we are looking for is greatly appreciated. 

 


4 replies

Userlevel 4
Badge +9

Hi @TP_Erickson,

Can you provide the associated entities view from the user group you are applied this role to?

Are there additional roles applied besides for this role?

In the associated entities view from the user group and the user level do you see any additional role or ‘custom role’ specified?

Is the user associated to multiple groups and may be inheriting permissions from an additional group?

Userlevel 2
Badge +6

Hi @TP_Erickson,

Can you provide the associated entities view from the user group you are applied this role to?

Are there additional roles applied besides for this role?

In the associated entities view from the user group and the user level do you see any additional role or ‘custom role’ specified?

Is the user associated to multiple groups and may be inheriting permissions from an additional group?

Here is the Associated Entities tab for the Group the accounts we want restricted. It seems that this is the only role assigned

 

Userlevel 4
Badge +9

@TP_Erickson,

From that view I wouldn’t expect the behavior you encountered. Can you please create a new support incident for us to investigate further and share that incident number here for tracking?

During case creation please also upload your Commserve logs, and Commserve database with latest database and include in the case details the role, group, user example and behavior that you observed,

Userlevel 2
Badge +6

Created Incident 220623-657, basilly word foro word copied my question here for the forums, and sent the attachments and pictures over as well. will keep this forum page posted. Thanks for the help so far. 

Reply