Why can’t a non-Admin user see reservable spaces in organization?

We have some reservable spaces with system geography and system organization settings. A non-Admin user also has the same geography settings. There are security groups for reservations, and organizations and geography security groups are assigned to him. The geo and org security groups have the same geo and org as the space and profile. But the non-Admin user still isn’t able to see spaces.

He is only able to see them when the first level of the org hierarchy is provided in the group (i.e. \Organization). But as soon as the second level is given in the group, he isn’t able to see them. Can anyone help me on this? I think there is some issue in the org, but I don’t know exactly where it is.

[Admin: To see other related posts, use the Geography tag or Organizations tag.]

Continue reading →

Advertisements

Why do queries that are expected to display data show nothing?

When running queries against records within the application, expected record results are not displayed. Why do queries that are expected to display data show nothing at all?

Within the application, we have a variety of different settings that can restrict a user’s access to record data. The user’s Security Group can restrict access to records at the module and BO level, but each use case is slightly different. 

Within every user-facing record, on the System tab, there are fields for System Organization, System Location and System Geography. These values operate in conjunction with similar fields on the Security Group and the User’s People record to allow and restrict access to records. 

The key is that as soon as the user is given a defined Organization, Location, and Geography, the fields on the System tab of their People record are populated. Once that happens, each record they create will be seeded with that information as well. So far, all is well and good, but those users who lack similar settings are now unable to see those newly created records, unless their System fields are the same as or located at a higher point in the hierarchy.

Another area to consider is the Security Group settings for Organization and Geography. If a user has no values set on their People record, the application can still restrict access by using the Security Group values. This can cause a problem as the Organization and Geography Security is defaulted to null in the as-shipped application. This essentially gives the security code no starting point for determining access and will not display records.

To recap, if the record data does not align with the data in the user’s People record, or the data in the user’s Security Group, the record will not be displayed. As mentioned, there are a couple of things to look for. As an Admin user, compare the user’s record data with the record that should be displayed, and correct any misaligned data. Also, in the Security Group, set the Organization and Geography to the root of each hierarchy by default. For additional details, please review the following TRIRIGA wiki article: Security Overview.

Continue reading →

IV97700: Security group blocks calendar reservation information

We have a problem when we open a reservation from the calendar. It seems that when the user has a primary organization and he opens a reservation from My Calendar, the reservation window is opened, but it doesn’t show any information. However, if the user doesn’t have a primary organization, the reservation window is opened and it shows the information correctly.

When dealing with an organization, geography, and project security, you should use the user’s groups, not override groups. In Reserve, My Calendar, a user with an organization or geography is unable to open a reservation that was created. The security was not using the organizations or geographies from the user’s profile (groups) when determining the user’s access. Instead, it was using the overridden Reserve security group.

[Admin: To see other related posts, use the Reservation tag.]

Continue reading →

How do you report a triProperty with more than one triBuilding?

I have a few questions from our customer about TRIRIGA reports:

• Question 1: We want to create a report to show the triProperty which has more than one triBuilding as children. By using an association filter, we can only show the triProperty which has at least one triBuilding. By using a summary report, we can group by triProperty to show the number of triBuilding it has, but we can’t add another criterion based on the “Number” column. So, both two solutions above don’t work.
• Question 2: How can we do something like a “left join” in a multiple-BO report? We have noticed that the behavior of multiple BOs in a report acts more like an “inner join” query. The filter based on the secondary BO will also impact the primary BO result. Do you know any way to get a “left join” result in TRIRIGA?
• Question 3: How can we share a list of reports with users who are members of a specified security group? Our customer doesn’t want to grant the access of the “My Report” application for those groups, and they would like a solution that is more dynamic than adding those reports into the portal of the user. I don’t know if there is way to do this. Can the Admin user define a favorite list for the end users?

[Admin: To see other related posts, use the Reports tag or My Reports tag.]

Continue reading →

Verdantix: Solution providers step up IT security in smart buildings

One of the biggest barriers to growth in remotely accessing building management systems (BMS) – one of the key features of a smart building – is IT security.

The IT industry has established a sophisticated process for monitoring and protecting IT networks, but these concepts are not as well developed in building systems and many of the equipment that make up the Internet of Things (IoT). Additionally, there is often lack of communication and collaboration between the IT department and the facilities department. There is also increasing pressure on service providers to provide an out-of-the-box security solution.

Smart buildings are particularly vulnerable as every added connected device is another potential door into the building’s wider network. Even one of the most high-tech companies in the world, Google, was hit by a cyberattack in 2013 through a building management system. Retailer, Target was hacked through the HVAC system in 2014. This year, we have seen severe ransomware cyberattacks, such as the WannaCry ransomware attack that affected computers in over 150 countries.

This type of attack now feels very regular with a similar one occurring as we write. Individual buildings such as hotels have also been targeted and hacked through building automation systems (BAS) – witness the attack on a luxury hotel in the Austrian Alps in February, where the card system got breached, shut down, and a ransom demanded to restore the system to enable guests back into their rooms…

To learn more about the market for remote monitoring solutions see our recent report – Now Is The Time To Implement Remote Monitoring Solutions.

[Admin: To see other related posts, use the Smart Buildings tag or Vulnerability tag.]

Continue reading →

Why can’t “Create” state transition be triggered through OSLC?

I have an issue where it is not possible for non-Admin users to trigger the Create state transition through our OSLC interface. Instead, we get the following error:

2017-06-27 13:08:10.301 UTC ERROR [com.tririga.platform.integration.oslc.OslcRequestDispatcherImpl](Default Executor-thread-34280) Failed to read message: null
2017-06-27 13:08:10.301 UTC ERROR [com.tririga.platform.integration.oslc.OslcRequestDispatcherImpl](Default Executor-thread-34280) Exception in OSLC call: com.tririga.platform.integration.oslc.OslcException. message=java.lang.ClassCastException: com.tririga.platform.metadata.domain.BoStateTransitionId incompatible with com.tririga.platform.metadata.domain.gui.GuiStateTransitionMetadata

The fact that I am able to create and associate the record using an Admin user says to me that this is related to permissions, but I’ve made sure that the user has full security access for both the BO/form it is trying to create, the BO/form that it is attaching it to, and all other BOs/forms that are associated to it, and it still gives me the error above.

When I open the created record that my Admin user created, it looks to be correct. But when I open the one that the non-Admin user tried to create, it shows an empty record. None of the fields are saved in a null state, which of course is because it didn’t get created, the Create state transition was not triggered. Any idea of what is causing this issue? And how to resolve it?

[Admin: To see other related posts, use the OSLC tag.]

Continue reading →

Changing functionality in TRIRIGA to fix security vulnerabilities

In this day and age, security is a very hot topic. As soon as one vulnerability is addressed and mitigated, another one is found. It is a vicious circle of identifying and addressing vulnerabilities that does not seem to let up. In our fix pack release notes, information regarding the mitigation of vulnerabilities that were addressed without an APAR is listed. And sometimes, a vulnerability is addressed as an APAR.

The reason I am mentioning security vulnerabilities is that sometimes, when they are resolved, there is an impact on existing functionality, which may not always be clear. Sometimes, the result of fixing vulnerabilities can “change” functionality. As an example, in the TRIRIGA 3.5.2 release, external URL navigation items will now open in a new window to avoid cross-origin scripting vulnerabilities…

As the product develops and security vulnerabilities are found and addressed, it could mean a change in how something works. Reading the release notes can be a source of information, but it may not always be clear why something changed. We all know change is hard, especially when we are so used to it working in a certain way. I don’t know about you, but if the change was made to address a security vulnerability, I can live with that and accept the change.

[Admin: This post is related to the 04.07.17 post about APAR IV94912 where “External URL” navigation items may no longer work. To see other related posts, use the Security tag or Vulnerability tag.]

Continue reading →