IV93811: Privilege escalation vulnerability in project context


The project context can be set to a project where the user does not have Capital Project security access. A user cannot modify or update data inside the project when they do this. However, the TRIRIGA platform should prevent the setting of this context from ever occurring in the first place.

Users can set the project container through direct URL manipulation. Moving forward, the privilege escalation vulnerability has been resolved.

[Admin: This post is related to the 03.01.17 post about a privilege escalation vulnerability in the Report Manager, and the 02.13.17 post about the relationship between project context and security.]

Continue reading

Why are associations reappearing after the Cleanup Agent runs?


We are experiencing an issue where associations seem to be recreated after the Cleanup Agent has run, and I wondered if anyone else had experienced this before?

On a Capital Project template, we have associated some Work Task and Schedule Task templates, and these are successfully showing up in the query section on the Schedule tab of the Capital Project template. We have a Remove action on the query section, which, when we select a Task template and click remove it, de-associates the record from the Capital Project template. We have verified that the associations are deleted and the record disappears from the query section. However, after the Cleanup Agent runs, these removed task templates are reappearing in the query section of the Capital Project template and the associations have been recreated.

Is anyone aware of this behaviour, or of something in the Cleanup Agent that might be recreating these associations? If so, is there a way around it as users are starting to complain that records they have removed are showing back up again?

Continue reading

IV93632: Report query “Project Schedule Variance” fails


The report query “triCapitalProjectFact – GUI Metric – Current Program Filter – Project Schedule Variance” fails when the drop-down menu selection for “Change Order to Budget” is made. A MID error is displayed and the only way to make it work is to click “Restore Defaults”.

The metric report “triCapitalProjectFact – GUI Metric – Current Program Filter – Change Order to Budget” had a bad “Group By” sequence. We needed to save the “Group By” order.

Continue reading

IV93170: Revised Funds discounted twice in capital projects


This was seen with TRIRIGA Application 10.5.2. The final amount for the Revised Funds is being discounted twice for positive or negative values…

Check the Revised Funds value. In the client’s example, it was expected to be $900,000.00 USD as only $100,000.00 was discounted out of $1 million USD. But it was discounted twice and it showed $800,000.00 in the Revised Funds column.

Continue reading

What is the relationship between project context and security?


TRIRIGA has the notion of project-based security scope, also called project context. At the upper right-hand side of the main TRIRIGA portal, there is a toggle to switch between Company and Project-level security, as well as a query to find and select in which project to operate.

To see and select a project, the user must be given specific security access to a project. This is done by adding the user’s group or the specific user to the Security tab of the project. Once the user or users have been granted access to the project, and they select the project from the project selector on the portal, they are then in the “context of the project.”

Any records created in the project context are then owned by that project, and security is restricted to those records, so the records are only visible and editable to those people that have access to the project, and have also switched their scope to run in that project context.

Items like documents and folders within Document Manager will also operate in a project context. You may notice that files uploaded to the Notes & Documents tab of records in the project context have a different folder path within Document Manager. Because the entire Document Manager tree is also in the project context, it is necessary to have the parent folder created in the project context as well. This folder’s path will be different than the uploads on records at the company level.

20170213a

[Admin: This post is related to the 04.08.16 post about where your documents go in TRIRIGA, and the 08.25.16 post about an issue with selecting child projects.]

Continue reading