Cisco Bug: CSCvu20180 - Read-only user is able to edit / configure the Monitor alerts for FMC gui.
May 12, 2020
- Cisco Firepower Management Center
Known Affected Releases
Symptom: Scenario 1: ============ Logged in FMC as admin user and created a "test" health alert. Logged in read-only user "read1" and could delete the same which should not be possible as per customer’s requirement. Scenario 2: ======== Logged in as readonly user "read1" and successfully create the health alert, which should not be allowed per customer’s requirement. Conditions: USER ROLE: ============ I have tried the above 2 scenarios with the read-only user available on FMC, with the below permissions: Users > User Roles > Name: Security Analyst (Read-Only) > menu based permissions (Health - enabled, Health policy - Disabled) - The available options on FMC gui are under User Roles are related to: Health policy and Health Events. There is no option for Monitor alerts specifically. - Also tried to create a custom user role but again no option for Monitor alerts. And got the same test outcomes
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases