Expected behaviour
When creating a Control Center user with granular permissions selected from the existing list of Control Center user permissions (created by the provided hivemq-enterprise-security-extension/scripts/sql/v1.2/insert/default_permissions_insert.sql script), the CC user has access to all permitted information and functions.
Observed behaviour
Unless the CC user has the HIVEMQ_SUPER_ADMIN permission, the pages Clients, Analytics and Trace Recordings are not accessible to the user.
Reason
There is a typo in the HIVEMQ_VIEW_DATA_CLIENT_ID permission, so this permission is never properly set. Without it, the user cannot view any of the mentioned pages, as they all contain client IDs.
Affected Version
All versions older than 1.5.2 are affected.
Solution / Workaround
Fix the typo in the cc_permissions table.
update cc_permissions set permission_string = 'HIVEMQ_VIEW_DATA_CLIENT_ID' where permission_string = 'HIVEMQ_VIEW_DATA_CLIENTID';
If you are using an ESE version older than 1.5.2, we suggest you also add the 3 new permissions that were introduced with HiveMQ 4.3:
insert into cc_permissions (permission_string, description) values
  ('HIVEMQ_VIEW_PAGE_RETAINED_MESSAGE_LIST', 'allowed to view retained message list'),
  ('HIVEMQ_VIEW_PAGE_RETAINED_MESSAGE_DETAIL', 'allowed to view retained message details'),
  ('HIVEMQ_VIEW_DATA_USER_PROPERTIES', 'allowed to see user properties of messages');