New in AssetWise Information Integrity Server v23.00.07
Impersonation Functionality
Impersonation Functionality is now constrained to ensure that it is used as intended: Power users/administrators should be granted the “impersonate any user” permission, when the impersonation attempt is to run as a normal user with fewer privileges.
Scenarios in which a normal user is granted the permission and attempts to elevate their access by impersonating an administrator, for example, the user is denied that access.
Session Elevation
With this release, session elevation now works consistently across all scenarios, in that it will always require the application/code to place a session into an elevated state, (it must be something that the users purposely wants to do). Previous releases included scenarios in which standard business rules would be ignored without the user choosing to do so if they had one of the relevant Grade0 permissions which implies that they can break business rules. The following Grade0 permissions has also been removed since they are now redundant:
- Modify Approved Documents (2081)
- Modify Approved Virtual Item Groups (2082)
- Modify Approved Tags (2083)
Grade0 “Elevated Permission (2086)” should now be assigned to users in all cases to allow elevation functionality.
Queue Jobs
In order to be consistent with the permissions required to manage all other types of jobs, “Manage All Queue Jobs” Grade0 permissions is now required for viewing, resubmitting, or managing Storage and Ftr jobs, instead of “eB System Settings” permissions.