Known Issue - Security Group expiration date and status not being honored - Fixed 3/30/2018
Kevin Praeger
started a topic
about 5 years ago
Fixed in Aeries Update 3/30/2018: Security - Expiring and disabling security groups is now supported.
An issue has been discovered where the Expiration Date and Status fields for Security Groups are not being honored. This issue only affects the expiration of Groups themselves, not the expiration of individual user accounts such as commonly done with substitutes. This issue also does not affect the expiration of individual security areas within a group.
Users who are a member of a group where the expiration date has passed, or where a status has been set other than active, will still be applied the permissions of the group. Programming is aware of this issue and has provided a solution to honor these two fields, and this fix is currently in QC for testing. This fix will be released in an upcoming update.
As a good security measure, it is advised that Aeries Administrators review any security groups that have an Expiration Date or Status set, and either remove the expiration date and status to allow users to continue to have access, or if the users should not have access, remove all users from the group and/or delete the group. Once this fix is released, any expiration date and status will be honored.
The following Aeries Query is provided for your convenience in identifying groups that are affected by this issue. This should be run in your current year database within each database group. If the query returns no results, it can be assumed there are no affected groups:
LIST UGN UID UN XD ST CM IF TY = 2 AND ( XD # NULL OR ST # 0 )
Here is a similar query that can be run in SQL, which will display only those affected groups which have users attached:
SELECT * FROM UGN
WHERE
UGN.TY = 2
AND ( UGN.XD IS NOT NULL OR UGN.ST <> 0 )
AND UGN.UID IN ( SELECT UGA.GID FROM UGA WHERE UGA.DEL = 0 )
AND UGN.DEL = 0
Should you need assistance in identifying any potentially affected security groups, please feel free to contact Aeries Support.
Kevin Praeger
Fixed in Aeries Update 3/30/2018: Security - Expiring and disabling security groups is now supported.
An issue has been discovered where the Expiration Date and Status fields for Security Groups are not being honored. This issue only affects the expiration of Groups themselves, not the expiration of individual user accounts such as commonly done with substitutes. This issue also does not affect the expiration of individual security areas within a group.
Users who are a member of a group where the expiration date has passed, or where a status has been set other than active, will still be applied the permissions of the group. Programming is aware of this issue and has provided a solution to honor these two fields, and this fix is currently in QC for testing. This fix will be released in an upcoming update.
As a good security measure, it is advised that Aeries Administrators review any security groups that have an Expiration Date or Status set, and either remove the expiration date and status to allow users to continue to have access, or if the users should not have access, remove all users from the group and/or delete the group. Once this fix is released, any expiration date and status will be honored.
The following Aeries Query is provided for your convenience in identifying groups that are affected by this issue. This should be run in your current year database within each database group. If the query returns no results, it can be assumed there are no affected groups:
Here is a similar query that can be run in SQL, which will display only those affected groups which have users attached:
Should you need assistance in identifying any potentially affected security groups, please feel free to contact Aeries Support.