Hiding and enabling Dropbox gives full set of permissions to non-maintainer roles

Description

This issue wasn't happening in 20.1 but it is happening in 20.3 and 20.x. Just hiding and making visible the Dropbox tool gives non-maintainer roles all permissions over Dropbox. Locking and unlocking the tool also does the same.

We suspect that this is related to the changes of SAK-43149, but we are still investigating.

I'm going to paste a query in the comments to detect incorrect permissions in database.

Attachments

1

Activity

Austin January 31, 2022 at 6:36 PM

Also we have about 2000 records where the realm is set to a dropbox function_key with a function_name of

"dropbox.own | dropbox.maintain | dropbox.maintain.own.groups"

Is that normal? Should we delete the sakai_realm_rl_fn records using that function? Should we delete that function key from sakai_realm_function?

Austin January 31, 2022 at 6:18 PM
Edited

Sorry about that. I didn’t see your first comment because of the new look of the “view 11 remaining older comments” button.

Thanks!

Daniel Merino January 31, 2022 at 9:08 AM

The MySQL query I talked about is in the first comment that I wrote on September 14th in this JIRA. After it, you have the Oracle version of my query from Brian Jones.

Maybe the last query of Marty Soupcoff is better though, I haven’t compared them.

Marty Soupcoff (not active in Sakai community anymore) January 29, 2022 at 3:15 PM

Sam created the bulk of the below query for us and then I tweaked it a bit as needed. We set it up on a cron and anytime it found one I’d manually go into realms and fix.

Austin January 29, 2022 at 2:41 AM

I'm going to paste a query in the comments to detect incorrect permissions in database

Do you have this query? I also have one (for the SELECT), but I’d like to compare it with what you came up with.

Do you also have one to delete the bad records? We’re no longer using the Admin Permissions tool since it was said on the sakai-dev forums that the performance is bad and a direct reply from another developer said to stop using it.
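
A detection check of the kind discussed in this thread, added here as an example; it is not any commenter's query or Sakai project code. The tables sakai_realm and sakai_realm_role, every column name other than function_key and function_name, the maintainer role names, and the rule that any dropbox.* grant to another role needs review are assumptions; the sample rows are constructed.

```python
import sqlite3

# Assumption: role names allowed to hold dropbox.* functions; adjust per site.
MAINTAINER_ROLES = ("Instructor", "maintain")

# sakai_realm_rl_fn and sakai_realm_function are named in the thread; the other
# tables and the remaining column names are assumptions about the schema.
SCHEMA = """
CREATE TABLE sakai_realm          (realm_key INTEGER PRIMARY KEY, realm_id TEXT);
CREATE TABLE sakai_realm_role     (role_key INTEGER PRIMARY KEY, role_name TEXT);
CREATE TABLE sakai_realm_function (function_key INTEGER PRIMARY KEY, function_name TEXT);
CREATE TABLE sakai_realm_rl_fn    (realm_key INTEGER, role_key INTEGER, function_key INTEGER);
"""

# Every dropbox.* grant held by a role that is not in the maintainer list.
DETECT = """
SELECT r.realm_id, ro.role_name, f.function_name
FROM sakai_realm_rl_fn rf
JOIN sakai_realm r          ON r.realm_key = rf.realm_key
JOIN sakai_realm_role ro    ON ro.role_key = rf.role_key
JOIN sakai_realm_function f ON f.function_key = rf.function_key
WHERE f.function_name LIKE 'dropbox.%'
  AND ro.role_name NOT IN ({placeholders})
ORDER BY r.realm_id, ro.role_name, f.function_name
"""

def find_suspect_grants(conn, maintainer_roles=MAINTAINER_ROLES):
    """Return (realm_id, role_name, function_name) rows that need review."""
    sql = DETECT.format(placeholders=",".join("?" * len(maintainer_roles)))
    return conn.execute(sql, tuple(maintainer_roles)).fetchall()

def build_sample_db():
    """Constructed sample data: one clean site and one affected site."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO sakai_realm VALUES (?,?)",
                     [(1, "/site/clean"), (2, "/site/affected")])
    conn.executemany("INSERT INTO sakai_realm_role VALUES (?,?)",
                     [(10, "Instructor"), (11, "Student")])
    conn.executemany("INSERT INTO sakai_realm_function VALUES (?,?)",
                     [(100, "dropbox.own"), (101, "dropbox.maintain"),
                      (102, "dropbox.maintain.own.groups"), (103, "content.read")])
    conn.executemany("INSERT INTO sakai_realm_rl_fn VALUES (?,?,?)", [
        (1, 10, 101), (1, 11, 103),                 # clean site
        (2, 10, 101), (2, 11, 103),                 # affected site, expected grants
        (2, 11, 100), (2, 11, 101), (2, 11, 102),   # Student holds every dropbox.*
    ])
    return conn

if __name__ == "__main__":
    for row in find_suspect_grants(build_sample_db()):
        print(row)
```

The SELECT uses only standard joins, so it can be run as a read-only query against MySQL or Oracle once the table and column names are checked against the local schema.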

Fixed

Details

22 Status

Verified

21 Status

Verified

Created September 14, 2021 at 5:53 AM
Updated February 1, 2022 at 12:12 AM
Resolved October 7, 2021 at 8:45 AM