Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DLS][Network Drive] Document is visible if Group has GRANT access but user has an explicit DENY #1963

Open
praveen-kukreja opened this issue Dec 8, 2023 · 4 comments · Fixed by #2004
Open

[DLS][Network Drive] Document is visible if Group has GRANT access but user has an explicit DENY #1963

praveen-kukreja opened this issue Dec 8, 2023 · 4 comments · Fixed by #2004
Labels
bug Something isn't working priority:high

Comments

@praveen-kukreja
Copy link
Contributor

praveen-kukreja commented Dec 8, 2023
edited
Loading

Bug Description

Steps to Reproduce:

A group A has been provided read/write access to a file in Windows Network Drive but a given user user1 of that group A has an explicit DENY permissions for a document.

Expected Behaviour:

In that case the document is not accessible to user1 in the source (network drive) since in Windows explicit deny ACEs are evaluated before any explicit allowed ACEs. Reference: https://learn.microsoft.com/en-us/windows/win32/secauthz/dacls-and-aces

Actual Results:

The document is visible in the search applications to the user.

Environment

Windows Network Drive
@praveen-kukreja praveen-kukreja added the bug Something isn't working label Dec 8, 2023
@praveen-kukreja praveen-kukreja self-assigned this Dec 8, 2023
@praveen-kukreja
Copy link
Contributor Author

I've found a possible resolution for the fix, implementation is in-progress

@rodmacedo1
Copy link

Hi @praveen-elastic this is the same for #1966?

@praveen-kukreja
Copy link
Contributor Author

Hi @rodmacedo1, yes I'll raise a common PR for both the issues.

@praveen-kukreja praveen-kukreja mentioned this issue Dec 21, 2023
Merged
7 tasks
@moxarth-rathod moxarth-rathod mentioned this issue Oct 14, 2024
Open
@seanstory
Copy link
Member

Based on #2875 (comment), it seems that this issue is not fixed after all. Reopening.

@seanstory seanstory reopened this Oct 17, 2024
@seanstory seanstory removed the v8.12.1 label Oct 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working priority:high
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Network Drive] [DLS] Fix precedence for Deny permissions elastic/connectors
5 participants
@seanstory @rodmacedo1 @praveen-kukreja @danajuratoni @erikcurrin-elastic