Control Center User Permissions not working correctly

Expected behavior

When a Control Center User is created with granular permissions selected from the existing list of Control Center User Permissions (created by the provided script hivemq-enterprise-security-extension/scripts/sql/v1.2/insert/default_permissions_insert.sql), the user has access to all permitted information and functions.

Observed behavior

Unless the HIVEMQ_SUPER_ADMIN permissions are available for the Control Center User, the pages “Clients”, “Analytics” and “Trace Recordings” are not accessible to the user.

Reason

There is a typo in the HIVEMQ_VIEW_DATA_CLIENT_ID permission, so this permission is never properly set. Without it, the user cannot view any of the mentioned pages, as they all contain client IDs.

Affected Version

All versions older than 1.5.2 are affected.

Solution / Workaround

Fix the typo in the cc_permissions table by executing the following SQL Update statement:

update cc_permissions set permission_string = 'HIVEMQ_VIEW_DATA_CLIENT_ID' where permission_string = 'HIVEMQ_VIEW_DATA_CLIENTID';

If you are using a HiveMQ Enterprise Security Extension version older than 1.5.2, we suggest you also add the 3 new permissions that were introduced with HiveMQ 4.3:

insert into cc_permissions (permission_string, description) values
    ('HIVEMQ_VIEW_PAGE_RETAINED_MESSAGE_LIST', 'allowed to view retained message list'),
    ('HIVEMQ_VIEW_PAGE_RETAINED_MESSAGE_DETAIL', 'allowed to view retained message details'),
    ('HIVEMQ_VIEW_DATA_USER_PROPERTIES', 'allowed to see user properties of messages');
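
The two statements above can be applied as one re-runnable transaction with a verification step before committing. This is an added example, not part of the original article or of the HiveMQ scripts; it assumes PostgreSQL syntax and uses only the cc_permissions columns shown above (permission_string, description).

```sql
-- Added example (PostgreSQL syntax assumed). Safe to run more than once.
begin;

-- 1. Rename the misspelled permission, unless a correctly spelled row
--    already exists (avoids a duplicate permission_string on re-run).
update cc_permissions
set permission_string = 'HIVEMQ_VIEW_DATA_CLIENT_ID'
where permission_string = 'HIVEMQ_VIEW_DATA_CLIENTID'
  and not exists (
      select 1 from cc_permissions
      where permission_string = 'HIVEMQ_VIEW_DATA_CLIENT_ID');

-- 2. Add the three HiveMQ 4.3 permissions only where they are missing.
insert into cc_permissions (permission_string, description)
select v.permission_string, v.description
from (values
    ('HIVEMQ_VIEW_PAGE_RETAINED_MESSAGE_LIST',   'allowed to view retained message list'),
    ('HIVEMQ_VIEW_PAGE_RETAINED_MESSAGE_DETAIL', 'allowed to view retained message details'),
    ('HIVEMQ_VIEW_DATA_USER_PROPERTIES',         'allowed to see user properties of messages')
) as v (permission_string, description)
where not exists (
    select 1 from cc_permissions p
    where p.permission_string = v.permission_string);

-- 3. Verify before committing. Expected: one row for each of the four
--    correctly spelled permissions and no row for HIVEMQ_VIEW_DATA_CLIENTID.
--    If the misspelled row is still listed, both spellings exist: roll back
--    and review which roles reference which row before changing anything.
select permission_string, description
from cc_permissions
where permission_string in (
    'HIVEMQ_VIEW_DATA_CLIENT_ID',
    'HIVEMQ_VIEW_DATA_CLIENTID',
    'HIVEMQ_VIEW_PAGE_RETAINED_MESSAGE_LIST',
    'HIVEMQ_VIEW_PAGE_RETAINED_MESSAGE_DETAIL',
    'HIVEMQ_VIEW_DATA_USER_PROPERTIES')
order by permission_string;

commit;
```

After the change, review the roles that are granted HIVEMQ_VIEW_DATA_CLIENT_ID: users who previously could not open “Clients”, “Analytics” and “Trace Recordings” will gain access to them once the permission takes effect.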