MDVA-41628: Restricted admin users get access to new resources
The MDVA-41628 patch fixes the issue where the restricted admin users are able to access the new resources when new modules are added. This patch is available when the Quality Patches Tool (QPT) 1.1.12 is installed. The patch ID is MDVA-41628. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.5.
Affected products and versions
The patch is created for Adobe Commerce version:
- Adobe Commerce (all deployment methods) 2.4.2-p1
Compatible with Adobe Commerce versions:
- Adobe Commerce (all deployment methods) 2.4.0 - 2.4.3-p1
magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.Issue
Restricted admin users can get access to the new resources when new modules are added.
Steps to reproduce:
- Create a new admin user role with restricted resources.
- Create a new admin user under the role created in step one.
- Install and enable the custom module that creates a new set of menu items along with ACL resources.
- Log in using the newly created admin user.
Expected results:
The admin user with restricted access is unable to access the newly created menu items.
Actual results:
The restricted admin user is able to access the new menu items, even though the new resources are not assigned to the user role.
Apply the patch
To apply individual patches, use the following links depending on your deployment method:
- Adobe Commerce or Magento Open Source on-premises: Software Update Guide > Apply Patches in our developer documentation.
- Adobe Commerce on cloud infrastructure: Upgrades and Patches > Apply Patches in our developer documentation.
Related reading
To learn more about Quality Patches Tool, refer to:
- Quality Patches Tool released: a new tool to self-serve quality patches in our support knowledge base.
- Check if patch is available for your Adobe Commerce issue using Quality Patches Tool in our support knowledge base.
For info about other patches available in QPT, refer to Patches available in QPT in our developer documentation.