Follow

Issue: After upgrading to 19.2, security option for "Private Key Read" is no longer selected for any/all users and groups.

Applies To:

Any version upgraded to 19.2.  This does not apply to a clean install on 19.2, as it only occurs on upgrade.

Summary:

After upgrading to 19.2, the permission for "Private Key Read" appears to have been removed from everyone who had it specifically granted. This right is granted at the policy level for users and groups specifically assigned at that folder level, as seen below.

Private_Key_Read_bug.png

This check box, if selected previously, will be missing after the upgrade.

Cause:

NOTE: This is purely cosmetic. Those permissions still exist in the database and private key read requests will still be honored!

This issue is caused by a change in how we track permissions in 19.2. A new permission was added for additional HSM functionality. However, since this is a new permission, no upgrading customer could have it applied, so it shows as not being granted in the UI, but only in the UI.

This is only a UI issue, and does not affect functionality when it comes to the the previously granted rights to download private keys from Venafi.

NOTE: For new users of 19..2, this issue will never occur.

Resolution:

There are 3:

  1. Ignore the issue. Nothing is actually wrong, though it's definitely confusing! On the next patch or upgrade, it will be resolved.
  2. Reapply the rights to all users as necessary. This will fix the display issue by assigning the new rights as well.
  3. Apply a new patch / upgrade when the patch or upgrade is available. For instance, the 19.2.1 patch will resolve this display issue.
Was this article helpful?
0 out of 0 found this helpful

Comments