Proxy users can delete another user's appointments, when they only have Read access

  • Document ID:7009292
  • Creation Date:03-Sep-2011
  • Modified Date:27-Apr-2012
    • Micro Focus Products:
      GroupWise

Environment

Novell GroupWise 7
Novell GroupWise 8

Situation

A Proxy users can delete another user's appointments, when he/she only has read access to the appointment.

Resolution

This has been reported to GroupWise Development.

Additional Information

Steps to Duplicate:
  1. Login with User A and give Read only proxy rights to User B on Appointments. And while logged in with User A send a test appointment to someone or itself
  2. Login with User B and proxy into User A's account and select calender and should be able to view the existing appointments which are in the User A's calender.
  3. Locate the appointment that was send by the User A in step 1.
  4. Using the mouse, attempt to drag the appointment to a different time slot.
  5. GroupWise will prompt the message "Do you want to perform a busy search or edit the item before rescheduling?"
  6. Click No and it will throw "GroupWise error D123: Access to user denied" and Click OK.
Login to User A account and search for the Appointment and it will be deleted from the user's Calender.

Formerly known as TID# 10063720