View Issue Details

ID: 0008653
Project: Feature Requests
Category: Feature Request
View Status: public
Last Update: 2024-07-02 16:43
Reporter: David Levine
Assigned To: Randy Armstrong
Priority: normal
Severity: major
Reproducibility: have not tried
Status: assigned
Resolution: no change required
Summary: 0008653: Need a way for a client to determine what role(s) it is assigned after it creates a session.
Description

Clients need to determine if they have administrative rights so they can take corrective action (e.g. request that the user enter different credentials) before they try and fail to execute a privileged operation.
There may already be a solution, but it is not obvious.

One solution is to use the authentication token returned from CreateSession to determine the roles assigned to it, perhaps by invoking a method in the Server that returns the list of roles for that token.

Use case: a client used for configuring servers needs elevated privileges. If a user enters the wrong credentials the system should detect this and inform the user before it tries and fails to correctly configure the server.
This is important when some operations may succeed even with reduced privileges but others fail, resulting in an incorrectly configured (and possibly broken) server.

Tags: No tags attached.
Commit Version
Fix Due Date

Activities

David Levine

2023-02-14 17:00

developer   ~0018714

The ability for a client to determine its own roles may be limited to clients which have connected over a secure connection, so that hackers with anonymous access cannot do this.
This mantis issue should be assigned to Part 18, Role based security. This should be discussed in the security WG so the experts can weigh in on this.

Randy Armstrong

2023-02-15 16:33

administrator   ~0018720

The UserRolePermissions attribute already provides this information.

Jim Luth

2024-07-02 16:41

administrator   ~0021407

Session Security Diagnostic info will provide this information to a SecurityAdmin. Do we need a way to return this for your own session regardless of permissions?
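
Added example (not part of the issue thread or of any OPC UA stack): a client-side preflight for the configuration use case in the description, built on the UserRolePermissions attribute mentioned in note ~0018720. It assumes the client has already read UserRolePermissions for each node it intends to change; the `preflight` helper, the node names and the sample values are constructed for illustration.

```python
from enum import IntFlag

class Permission(IntFlag):
    # Subset of the PermissionType bits defined in OPC UA Part 3
    BROWSE = 1 << 0
    WRITE_ATTRIBUTE = 1 << 2
    READ = 1 << 5
    WRITE = 1 << 6
    CALL = 1 << 12
    DELETE_NODE = 1 << 15
    ADD_NODE = 1 << 16

# Well-known role NodeIds in namespace 0
WELL_KNOWN_ROLES = {
    "i=15644": "Anonymous", "i=15656": "AuthenticatedUser",
    "i=15668": "Observer", "i=15680": "Operator",
    "i=16036": "Engineer", "i=15692": "Supervisor",
    "i=15716": "ConfigureAdmin", "i=15704": "SecurityAdmin",
}

def preflight(required, user_role_permissions):
    """Check planned operations against the session's effective permissions.

    required: node id -> Permission bits the planned operation needs.
    user_role_permissions: node id -> list of (role node id, permission bits),
        i.e. the UserRolePermissions value read for that node in this session.
    Returns (roles seen for this session, {node id: missing Permission bits}).
    """
    roles, missing = set(), {}
    for node, needed in required.items():
        entries = user_role_permissions.get(node)
        if entries is None:
            # Attribute absent or unreadable: fail closed, assume nothing is granted.
            missing[node] = needed
            continue
        granted = 0
        for role_id, perms in entries:
            roles.add(WELL_KNOWN_ROLES.get(role_id, role_id))
            granted |= int(perms)
        lacking = Permission(int(needed) & ~granted)
        if lacking:
            missing[node] = lacking
    return roles, missing

# Constructed sample: a session that only holds AuthenticatedUser.
SAMPLE_REQUIRED = {"ns=2;s=Config.Endpoint": Permission.WRITE,
                   "ns=2;s=Config.Apply": Permission.CALL}
SAMPLE_URP = {"ns=2;s=Config.Endpoint": [("i=15656", Permission.BROWSE | Permission.READ)],
              "ns=2;s=Config.Apply": [("i=15656", Permission.BROWSE | Permission.CALL)]}
```

If `missing` is non-empty, the client can prompt for different credentials before starting, which avoids the partially applied configuration the description warns about.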

Issue History

Date Modified Username Field Change
2023-01-25 21:03 David Levine New Issue
2023-02-14 17:00 David Levine Note Added: 0018714
2023-02-15 16:33 Randy Armstrong Assigned To => Randy Armstrong
2023-02-15 16:33 Randy Armstrong Status new => resolved
2023-02-15 16:33 Randy Armstrong Resolution open => no change required
2023-02-15 16:33 Randy Armstrong Note Added: 0018720
2024-07-02 16:41 Jim Luth Note Added: 0021407
2024-07-02 16:43 Jim Luth Status resolved => assigned