Issue: When moving packages from Public to My Packages the owner stays the same

Version 6

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x



    You have different departments. 2 of 5 are already working with Ivanti EPM. Now, the admin of a third department is testing Ivanti EPM to decide if they want to use Ivanti EPM.


    Scenario 1

    You have found a problem: The 3rd department can delete and edit every package which has not the 'Public User' as Owner in 'Public packages'. They have NO 'edit public' permissions, they just have 'edit'.


    Scenario 2

    The software engineer for Ivanti EPM creates packages in the team folder. He tests the packages and if the tests are OK, he moves them into 'Public packages'. When he moves the packages into public, the owner will not be set as 'Public User'.


    The owner would not be the problem, the problem is that the permissions are in relation to the owner. So when the owner of a package is not 'Public User', every user with a simple 'edit' permission can do everything.


                                                                                                Firefox package with the wrong Owner



    When moving packages from one folder to another the owner does not change and the permissions needed or associated with each package are derived by who the owner of the package is. So as described above if the package is moved from a team folder or a 'my' folder then the original owner will stay and the permissions associated with it as well.



    It is highly recommended that you change the owner and therefore the permissions of every package manually to 'public owner' to prevent the above problems. And then include the action of changing the owner from original owner to the public user in the process of testing and making the packages ready for deployment,


    If you have a lot of packages with this issue already within the public packages folder you can run the following query on the Ivanti EPM database to fix the permissions on the packages and change the owners to 'Public user' quickly.


    It is recommended that you make a backup of the database before applying this query as a pre-cautionary step.


    USE [name of LDMS DB]
    -- Declare the variable to be used
    DECLARE @PublicPackageidn int; 
    -- Initialize the variable.
    SET @PublicPackageidn = (SELECT PACKAGE_IDN
      FROM [PACKAGE] where NAME = 'Public packages');
     WITH SubStruc(Parent, Child, Name) AS
                     PACKAGE_IDN AS Child,
                           TYPE AS Name
       WHERE T.RELATIONSHIP_IDN = 0 -- IDN of start
       UNION ALL SELECT Parent,
                           TYPE AS Name
       FROM SubStruc AS S
       INNER JOIN PACKAGE_RELATIONSHIPS AS T ON S.Parent = T.PACKAGE_IDN-- going down inside the structure
     update PACKAGE set ConsoleUser_Idn=(SELECT [ConsoleUser_Idn] FROM ConsoleUser WHERE UserName = 'Public User') 
     where PACKAGE_IDN in (SELECT Child FROM SubStruc)


    Results below:

    Owner corrected