At some point in the last 6 months, users who were in an AD group providing them level 1 (normal user) access lost all device permissions. When checking their permissions with an administrative user, all relevant devices appeared to be added correctly. Global permissions (global read-only, global administrator) still worked correctly. Upon further troubleshooting, it looks like the permissions are added to the devices_perms table using a column named “user_id”. The rows that populate when adding permissions via the GUI use the user’s “auth_id” for the “user_id” value. When we manually set the permission to use the user object’s “user_id” instead of its “auth_id”, the user can see their devices, but the permissions appear missing from the administrator’s perspective in the GUI. Either the permissions filtering code or the GUI code appear to be using the wrong value.
====================================
Component | Version |
---|---|
LibreNMS | 1.43-146-g4fa1926 |
DB Schema | 268 |
PHP | 7.1.17 |
MySQL | 5.5.56-MariaDB |
RRDTool | 1.4.8 |
SNMP | NET-SNMP 5.7.2 |
====================================
[OK] Composer Version: 1.7.2
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct