Hi,

I have a custom WF for a role and if I assign this role as Org manager
to one user an approval request goes to the users from the Admin role.
Which is OK. But what's strange to me is that a target user gets the
request as well and this a big security issue because not authorized
user can approve it.
Do you know why this user is getting this request? In my example the
user is Chuck Norris

Request detail:

nrfStartDate 20160219084058Z
nrfCategory 10
nrfRequester cn=milan_juricek,ou=ctp,ou=users,o=swc-esl,dc=data
nrfTargetDN cn=chuck_norris,ou=tstorg,ou=users,o=swc-esl,dc=data
nrfSourceDN cn=BR_FSS,cn=esl_br,cn=Level30,cn=RoleDefs,cn=Role Config,cn=AppConfig,cn=UserApplication,cn=eslds,ou =services,o=system
nrfCorrelationId UserApp#UserStartWorkflow#9285ceb2-47d1-48c5-add4-eaa0a1322dc8
nrfApprovalProcessId 034666e645794fdfbf848598bea033fd
nrfRequestDef cn=WFR_012_VE2000I_Role,cn=RequestDefs,cn=AppConfi g,cn=UserApplication,cn=eslds,ou=services,o=system
objectClass nrfRequest
objectClass Top
nrfImmediate TRUE
cn 20160219094058-6827bfaa4baf472da6185e14cb8cbf2a-0
nrfApprovers cn=AppRole_Admin,cn=Level10,cn=RoleDefs,cn=RoleCon fig,cn=AppConfig,cn=UserApplication,cn=eslds,ou=se rvices,o=system#1#0
nrfDescription WF: Modify a User, ID: d52ac84245aa4f66805253a1ffa1cdef
nrfOriginator WF:d52ac84245aa4f66805253a1ffa1cdef
nrfStatus 15
nrfRequestDate 20160219084058Z


Regards,
Milan


--
mjuricek
------------------------------------------------------------------------
mjuricek's Profile: https://forums.netiq.com/member.php?userid=1616
View this thread: https://forums.netiq.com/showthread.php?t=55394