Layer7 API Management

Hi there,

we are using the Security Zone feature within our policies to provide read-only access for some other colleagues, but we found now some strange behavior.

When creating a policy we are using a template (an existing policy, which just will be copied and then filled with the specific values). Once we paste the template and the "Service Properties" window occur we directly choose the required Security Zone. But when doing this, the read-only user can see the policy and also open it, but can't view the Revision History (Access denied). We also noticed, that the tab-description of an opened policy looks strange, means there is a "?" within the brackets where normally the version number is visible (see following screenshot):

To workaround this issue we have to disable the Security Zone in the Service Properties, save it and then re-enable it again. Do we make any mistakes or is this a bug?

Thanks for any ideas or further help.

Ciao Stefan

Hey Stefan 

that '?' is probability coming from revision history, and since read only user can not see revision history so that '?' behaves as is blocked ...

Security zones is very powerful tool and you nigh have to mix and match with appropriate Roles in order to get result you expect. 

read user is able to read (see policy) but not change it or save it... I believe 

Cheers 

Kemal 

Hi Kemal,

thanks for the quick answer. Ok, the "?" might makes sense for the Situation, where the Revision History is NOT accessible. And yes, I would accept it, if the "View"-Role would not include this function at all.

But that's not the case! As mentioned above, after the workaround a read-only user CAN view the Revision History. So I'm still wondering why there are two different behaviors for the same thing. How can this be avoided and/or corrected?

Thank you!

Ciao Stefan

Hey Stefan, 

this looks like a Bug.

you might want to open up a case with us so we can create defect from the case.

Kemal