Service Virtualization

Here is the case. I created  a user role that has only access rights to the workstation and has no access rights to any resource/ resource group. I created a user having this role.

When I login to the portal and start a recording via the section Create \ Virtual Service via Recording I can select a VSE Server. But ... I should not be able to do that because I do not have any assigned resources to my role. So why can I select a VSE server here? Is this a bug?

Are you using LDAP or just ACL?

Can you screen shot the user with their defined roles?

Hi Mary,

Both actually. I noticed this problem with a user accessing via LDAP. I checked it with a ACL test user I created myself. The only role I defined was a a role only containing workstation access.

So this is this role attached to the test user:

Since you are using LDAP, there would be 2 files that are used: 

authentication-providers.xml

ldap-mappings.xml

Is the new role defined in the ldap-mappings.xml file?

If not, then what ever value is defined for defaultRole in the authentication-providers.xml is what that user will get.

Can you verify the two files?

The only defined role in the ldap-mappings.xml is for super users. With my customer only one AD role is created for the super users which is a very restricted group (only three members). All other users are automatically mapped to the guest user when they login for the first time. After first login they are promoted to the role shown above  (=Local VSE Developer (General)). This will only allow them to do local development. So no deployments on any of the VSE servers, that works because this role has no resources assigned to it, and no access to any create functionality on the portal. But the later restriction is not working because they can do recordings via the portal. And I do not want them to do that.

I assumed that when I do not assign any resources to a role any user having this role will have no rights on the Portal to create anything. But this is apparently not the case and I do not understand why.

Hi Izaak. It might be helpful to review the documentation for ACL. It can be a bit confusing. 

Access Control (ACL) - DevTest Solutions - 10.2 - CA Technologies Documentation (and sub-pages)

ACL Configuration Scenarios - DevTest Solutions - 10.2 - CA Technologies Documentation 

Configure Authentication Providers for ACL - DevTest Solutions - 10.2 - CA Technologies Documentation 

Authorize Users Authenticated by LDAP - DevTest Solutions - 10.2 - CA Technologies Documentation 

And video: April 2017 Webcast Replay - User Types, Access Control, and License Reporting in DevTest 10.0