[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196769#comment-13196769 ]

Hans Bakker commented on OFBIZ-4130:
------------------------------------

Pierre,

ofbizsaas.com is just a demo system of the tenant functions within ofbiz. No modifications were done in the access logic of these tenant tables.

Regards,
Hans

> Tenant super user (tenant admin) can view all database details of all tenants
> -----------------------------------------------------------------------------
>
> Key: OFBIZ-4130
> URL: https://issues.apache.org/jira/browse/OFBIZ-4130
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Release Branch 10.04, SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
> Fix For: Release Branch 10.04, SVN trunk
>
> When a new tenant is created and the super user of the tenant (the tenant-admin) logs in to WebTools and views the tables Tenant and TenantDataSource he/she can see all details of the tenant databases, incl TenantName, userID and password of the tenant databases.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13236552#comment-13236552 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

Defus,

You changed the status of this issue to Patch Available, but you did not provide the patch. Can you please do so? I will then evaluate as soon as possible.

Regards,
Pierre

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258841#comment-13258841 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

I believe that the following piece of code in framework/entity/src/org/ofbiz/entity/GenericDelegator.java is the culprit:

    // to avoid infinite recursion, and to behave right for shared org.ofbiz.tenant entities, do nothing with the tenantId if the entityGroupName=org.ofbiz.tenant
    if (UtilValidate.isNotEmpty(this.delegatorTenantId) && !"org.ofbiz.tenant".equals(entityGroupName)) {
        helperInfo.setTenantId(this.delegatorTenantId);

        // get the JDBC parameters from the DB for the entityGroupName and tenantId
        try {
            // NOTE: instead of caching the GenericHelpInfo object do a cached query here and create a new object each time, will avoid issues when the database data changes during run time
            // NOTE: always use the base delegator for this to avoid problems when this is being initialized
            Delegator baseDelegator = DelegatorFactory.getDelegator(this.delegatorBaseName);
            GenericValue tenantDataSource = baseDelegator.findOne("TenantDataSource", true, "tenantId", this.delegatorTenantId, "entityGroupName", entityGroupName);
            if (tenantDataSource != null) {
                helperInfo.setOverrideJdbcUri(tenantDataSource.getString("jdbcUri"));
                helperInfo.setOverrideUsername(tenantDataSource.getString("jdbcUsername"));
                helperInfo.setOverridePassword(tenantDataSource.getString("jdbcPassword"));
            } else {
                /* don't log this, happens too many times:
                if (Debug.warningOn()) {
                    Debug.logWarning("Could not find TenantDataSource information for tenantId=[" + this.delegatorTenantId + "] and entityGroupName=[" + entityGroupName + "] in delegator [" + this.delegatorFullName + "]; will be defaulting to settings for the base delegator name [" + this.delegatorBaseName + "]", module);
                }
                */
            }
        } catch (GenericEntityException e) {
            // don't complain about this too much, just log the error if there is one
            Debug.logInfo(e, "Error getting TenantDataSource info for tenantId=" + this.delegatorTenantId + ", entityGroupName=" + entityGroupName, module);
        }
    }

Especially the remark at the top led to this construction. But it is a wrong assumption. When used with production databases, like MySQL and PostgreSQL, just adding data through manual processes in webtools or even using ant targets does not create the recursions talked about. Only the organization in control of the OFBiz instance and having access to the underlying systems can create new tenants.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pierre Smits updated OFBIZ-4130:
--------------------------------

Attachment: OFBIZ-4130-MultiTenant-visibilty.patch

This patch fixes the issue that tenant-admins with access to webtools can see other tenants.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259490#comment-13259490 ]

Hans Bakker commented on OFBIZ-4130:
------------------------------------

I am against this patch. That the tenant user can see all other tenants is fine; somebody has to administer and be able to add tenants.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259490#comment-13259490 ]

Hans Bakker edited comment on OFBIZ-4130 at 4/23/12 10:07 AM:
--------------------------------------------------------------

I am against this patch. That the super tenant user can see all other tenants is fine; somebody has to administer and be able to add tenants.

was (Author: hansbak):
I am against this patch. That the tenant user can see all other tenants is fine; somebody has to administer and be able to add tenants.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259496#comment-13259496 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

Hans,

I believe you do not fully understand the issue at hand. I am NOT talking about the admin (as you call it the super tenant user) of the main delegator, who indeed must be able to administer and add tenants.

I am talking about users of tenants who have been granted the role of 'SECURITYADMIN' to manage/maintain data thru webtools for their own tenant. These users can see details of all tenants in tables 'Tenant', 'TenantComponent' and 'TenantDataSource'. And that is a situation you would not want.

Regards,
Pierre

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259540#comment-13259540 ]

Hans Bakker commented on OFBIZ-4130:
------------------------------------

Doesn't this patch affect both default or non-default delegator? Not sure how this can help.

Only for non-default delegators (read delegators for tenants). As you know each tenant gets his own delegator. However, current setup of OFBiz doesn't have tenant users look at the data in the tenant delegator for the tables mentioned, but in the main delegator. And that is why each tenant user with access to webtools has access to the data concerning all tenants, like tenant id and name, the setup of the databases of each tenant, the domain name and the components used by the other tenants.

Regards,
Pierre

On 23 April 2012 at 13:37, Hans Bakker (JIRA) <[hidden email]> wrote:

> Hans Bakker commented on OFBIZ-4130:
> ------------------------------------
>
> Doesn't this patch affect both default or non-default delegator? Not sure how this can help.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259549#comment-13259549 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

Keeping it together. I accidentally replied directly in the dev ML, not doing it from here.

Only for non-default delegators (read delegators for tenants). As you know each tenant gets his own delegator. However, current setup of OFBiz doesn't have tenant users look at the data in the tenant delegator for the tables mentioned, but in the main delegator. And that is why each tenant user with access to webtools has access to the data concerning all tenants, like tenant id and name, the setup of the databases of each tenant, the domain name and the components used by the other tenants.

Regards,
Pierre

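A simplified, self-contained model of the routing condition in the GenericDelegator snippet quoted earlier in the thread and of the effect described in the comment above, added here as an illustration; it is not OFBiz code and not the attached patch. The class and method names, the sample rows and the scoped lookup are assumptions.

```java
import java.util.List;
import java.util.stream.Collectors;

// Hypothetical model (Java 16+ for records); not OFBiz code, not the attached patch.
public class TenantGroupRouting {
    static final String TENANT_GROUP = "org.ofbiz.tenant";

    record DataSourceRow(String tenantId, String jdbcUri, String jdbcUsername, String jdbcPassword) {}

    // Constructed sample rows standing in for TenantDataSource in the base database.
    static final List<DataSourceRow> BASE_DB = List.of(
            new DataSourceRow("TENANT_A", "jdbc:example://db-a/ofbiz", "user_a", "constructed-secret-a"),
            new DataSourceRow("TENANT_B", "jdbc:example://db-b/ofbiz", "user_b", "constructed-secret-b"));

    // Same condition as the quoted snippet: the tenant override is skipped for
    // the shared group, so those entities resolve to the base datasource.
    static String resolveDataSource(String delegatorTenantId, String entityGroupName) {
        boolean tenantScoped = delegatorTenantId != null && !delegatorTenantId.isEmpty()
                && !TENANT_GROUP.equals(entityGroupName);
        return tenantScoped ? "tenant:" + delegatorTenantId : "base";
    }

    // Behaviour described in the thread: listing a shared-group entity through
    // a tenant delegator is served from the base database, with no tenant filter.
    static List<DataSourceRow> findAllUnscoped(String delegatorTenantId) {
        String source = resolveDataSource(delegatorTenantId, TENANT_GROUP);
        return source.equals("base") ? BASE_DB : List.of();
    }

    // One possible guard (an assumption, not the project's fix): a delegator
    // that carries a tenantId only gets its own row, with the password redacted.
    static List<DataSourceRow> findAllScoped(String delegatorTenantId) {
        if (delegatorTenantId == null || delegatorTenantId.isEmpty()) {
            return BASE_DB; // base delegator: the operator of the instance
        }
        return BASE_DB.stream()
                .filter(row -> row.tenantId().equals(delegatorTenantId))
                .map(row -> new DataSourceRow(row.tenantId(), row.jdbcUri(),
                        row.jdbcUsername(), "[redacted]"))
                .collect(Collectors.toList());
    }

    // Helper for readable output: only the tenant ids of a result set.
    static List<String> tenantIds(List<DataSourceRow> rows) {
        return rows.stream().map(DataSourceRow::tenantId).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // "org.ofbiz" is used here as a sample name for a non-shared entity group.
        System.out.println("business entity via TENANT_A -> " + resolveDataSource("TENANT_A", "org.ofbiz"));
        System.out.println("shared entity via TENANT_A   -> " + resolveDataSource("TENANT_A", TENANT_GROUP));
        System.out.println("unscoped list via TENANT_A   -> " + tenantIds(findAllUnscoped("TENANT_A")));
        System.out.println("scoped list via TENANT_A     -> " + findAllScoped("TENANT_A"));
        System.out.println("scoped list via base         -> " + tenantIds(findAllScoped("")));
    }
}
```
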
[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pierre Smits updated OFBIZ-4130:
--------------------------------

Fix Version/s: Release 11.04.01

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13266749#comment-13266749 ]

Jacopo Cappellato commented on OFBIZ-4130:
------------------------------------------

Hans,

unfortunately I don't know much about this code, but I would like to try to help resolve this ticket in some way.

If I understand correctly, the issue reported here is that, if a tenant user is granted the role of 'SECURITYADMIN' then it has access to the data of other tenants.

How would you classify this, according to your design?
Is it a bug (but the solution proposed is not good)?
Is it an intended feature by design (i.e. SECURITYADMIN should be used to create a superuser, that can manage all tenants)?
Is it a side effect of the design (i.e. SECURITYADMIN should *never* be used for tenant users)?

If I understand this then I can probably be of some help.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13267297#comment-13267297 ]

Hans Bakker commented on OFBIZ-4130:
------------------------------------

Hi Jacopo,

as you probably saw in the mailing list we are very busy here and can currently not help much.

With the current multi tenant implementation I would not make the webtools application available to tenants.

Regards,
Hans