ACSD-53414: Restricted admin users can see CMS pages outside their permissions scope

The ACSD-53414 patch fixes the issue where a restricted admin user can see CMS pages outside their permissions scope. This patch is available when the Quality Patches Tool (QPT) 1.1.40 is installed. The patch ID is ACSD-53414. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.7.

Affected products and versions

The patch is created for Adobe Commerce version:

  • Adobe Commerce (all deployment methods) 2.4.6-p1

Compatible with Adobe Commerce versions:

  • Adobe Commerce (all deployment methods) 2.4.6 - 2.4.6-p3
NOTE
The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.

Issue

Restricted admin users can see CMS pages beyond their permissions scope.

Steps to reproduce:

  1. Create a new website (sub_website), store (sub_store), and storeview (sub_storeview).

  2. Create a sub_expert role, allowing the scope of sub_website and sub_store. Assign the following permissions only: Dashboard and Pages.

  3. Create a new admin user and assign it to the sub_expert role.

  4. Assign the following CSM pages to sub_storeview and default storeview.

    • 404 Not Found > Sub storeview
    • 503 Service Unavailable > Default storeview
  5. Sign in to the Admin using the admin user created in Step 3.

  6. Check the CMS page grid.

Expected results:

503 Service Unavailable page is not visible to the web admin.

Actual results:

503 Service Unavailable is visible to the web admin.

Apply the patch

To apply individual patches, use the following links depending on your deployment method:

To learn more about Quality Patches Tool, refer to:

For info about other patches available in QPT, refer to Quality Patches Tool: Search for patches in the Quality Patches Tool guide.

recommendation-more-help
c2d96e17-5179-455c-ad3a-e1697bb4e8c3