Here is an interesting issue I came across while testing HPD permission
request in 4.5.4 but it seems to be the same in 4.5.2

Here is the scenario: The client has several thousands of resources and
also several workflows. Normal user should only have access to a handful
of those workflows, none of the resources.

The documented way to restrict visibility to these permissions is to
remove a browse entry right from the trustee of the permissions.

Here is the problem: if the user only has access to less then 10
permissions (number of permissions to display per page) User application
will verify access to EVERY SINGLE Permission through this ldap call:

3314837248 LDAP: [2016/08/09 17:54:07.703]
( DoExtended: Extension Request OID:

From the trace, it seems that it makes this call for every single

This can take a long time if you have a lot of different permissions -
roles, resources and workflows to which the user DOES NOT have access

Ironically, if you do have access to more than 10 of these permissions -
there is no issue because the search will only verify as many
permissions as it can fit on the page - if you have access to them.

Is there another way to restrict the permission visibility that will not
trigger this massive extended operation call to edirectory?



mjendrisek's Profile:
View this thread: