Channel: Software Communities : Popular Discussions - ActiveRoles

Access templates - wrong access rights


I have a problem that looks like an ARS database version problem - cannot give a different explanation. Let me explain:

I have created several access templates and applied them to several OUs and several security groups. One of the access templates is quite simple: I only give read access to all user object properties (no write whatsoever). For testing purposes (to check what the users will see) I also created a test user and added him to the security group. Tested and everything worked fine. User was then removed from the Security Group.

I then had another access template that gave access to another security group to manage Unified Messaging (enable, disable, reset PIN etc). I added the test user in this group and again everything worked fine. The test user was removed again.

To re-check everything (after several changes in other access templates) I added the test user to the first security group (the one that was supposed to have only read access to the user objects). That's the point hell broke loose and I started getting strange behaviour from the web interface. Although double-checked (no nestings etc), the group that was supposed to have read only access now (at least for this test user) has full Unified Messaging access rights, although he was not supposed to. No way to trace those access rights to an access template or nesting or group membership either direct or indirect.

User deleted and recreated and the whole process above repeated (same steps, same behavior at least from the Web Interface).

This raises a security problem and cannot be tolerated. We have to find a solution.

What worries me and makes me believe that I have a database version/corruption problem is that I checked the user activity for this user and I see actions attributed to this user although the user has not performed those actions (and I am 100% sure about this).

Another reason I am suspecting a database problem is an article that I read (dated March 29 2013) that mentioned an upgrade required but this was for 6.7 - nevertheless it had to do with Unified Messaging capabilities. In our case, we used to have 6.7 then upgraded to 6.8 but I do not recall having applied the 6.7 patches (and I am sure that these this not work 100% all the times).

Your guidance is required to trace the problem - where should we start searching? Can we verify the DB schema?

Best regards

