Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-12532

SQL Server concurrent ACL update can corrupt the Read ACL

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 5.5.0-HF19, 5.6.0-HF23, 5.7.2
    • Fix Version/s: 5.6.0-HF24, 5.7.3
    • Component/s: Core VCS

      Description

      This is specific to SQL Server when using the Read ACL optimization (activated by default).

      Since we have change the isolation NXP-10640, the stored procedure to update the read ACLs may fail (silently) on concurrency.

      This means that some ACL changes will not be taken in account on the materialized read ACLs (ACLR tables). These leads to documents not visible in content view, however documents are still accessible using direct URL. Note that there is no security risk because document access is checked using ACL table (and not ACLR).

      Rebuilding the ACLR fix this problem (EXEC nx_rebuild_read_acls)

      The nx_update_read_acl procedure was implemented to work with a snapshot isolation it should be rewrite to work on read committed isolation.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                PagerDuty

                Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.