Product: TIBCO Spotfire®
Bookmark changes made on the TIBCO Spotfire Web Player disappear, and the Bookmark Service error "Unable to perform bookmark synchronization. You do not have sufficient privileges for this action." is seen in the logs.
A defect in the product which causes incorrect handling of permissions for Bookmark management can result in Web Player users being able to create/modify/delete bookmarks on analysis files that their login credentials do not have permission to change. These 'invalid' bookmark modifications are then present and accessible in the Web Player until the Web Player sessions are closed, at which point the changes will no longer be seen in the Web Player. This gives the impression that users' changes have been lost, even though they should not have been able to make those changes in the first place. No unauthorized changes are ever permanently saved to the Spotfire database.
Symptoms:
Changes to bookmarks made on the TIBCO Spotfire Web Player can appear to be lost. Such changes include bookmark creation, modification and deletion.
Bookmark changes can seem to 'disappear' since users without permission to create bookmarks are given access to create bookmarks in the Web Player GUI. The invalid bookmark changes will be present in the current Web Player session and appear to be present and be accessible to all users, but the Bookmark Service (which continually synchronizes bookmarks to the Spotfire Database in the background) will fail to synchronize those particular bookmark changes, and the following errors will appear in the Web Player logs:
ERROR 2014-04-14 14:43:00,703 [98, 210074807] Spotfire.Dxp.Services.SessionEnabledSoapClient - Failed to make web service call. WebRequest details: Timeout='3600000', RequestUri='http://mySpotfireServer/spotfire/ws/BookmarkService', Cookies='JSESSIONID=0C0CBAFDC33363E21EABCBC38888DCC2.VDCWP3912-srv' System.Net.WebException: The remote server returned an error: (500) Internal Server Error <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>You do not have sufficient privileges for this action.</faultstring><detail><ns2:LibraryException xmlns:ns2="http://spotfire.tibco.com/ws/2008/11/faults.xsd"><errorCode>Client.LibraryService.InsufficientAccess</errorCode><message>You do not have sufficient privileges for this action.</message><stackTrace xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"></stackTrace></ns2:LibraryException></detail></soap:Fault></soap:Body></soap:Envelope>. at Spotfire.Dxp.Framework.HttpClient.NativeWebResponse..ctor(NativeHttpClient httpClient, NativeWebRequest request) at Spotfire.Dxp.Framework.HttpClient.WinHttp.WinHttpWebRequest.GetResponseCore() at Spotfire.Dxp.Framework.HttpClient.NativeWebRequest.GetResponse() at Spotfire.Dxp.Services.SessionEnabledSoapClient.GetWebResponse(WebRequest request) ERROR 2014-04-14 14:43:00,859 [98, (null)] Spotfire.Dxp.Framework.ApplicationModel.NotificationService - Unable to perform bookmark synchronization. You do not have sufficient privileges for this action. at Spotfire.Dxp.Services.WebServiceBase`1.InvokeService[T](ServiceMethod`1 serviceMethod, ExceptionFactoryMethod exceptionFactoryMethod) at Spotfire.Dxp.Application.AnalyticItems.BookmarkCache.Update(List`1 added, List`1 updated, List`1 removed) at Spotfire.Dxp.Application.AnalyticItems.BookmarkCache.PerformSynchronization(ApplicationThreadSettings threadSettings) at Spotfire.Dxp.Application.AnalyticItems.BookmarkCache.Synchronize(ApplicationThreadSettings threadSettings ERROR 2014-04-14 14:43:00,182 [495, 502004614] Spotfire.Dxp.Services.SessionEnabledSoapClient - Failed to make web service call. WebRequest details: Timeout='3600000', RequestUri='http://mySpotfireServer/spotfire/ws/BookmarkService', Cookies='JSESSIONID=B811B72A84C384A82351C6E624AB9878.VDCWP3912-srv' System.Net.WebException: The remote server returned an error: (401) Unauthorized . at Spotfire.Dxp.Framework.HttpClient.NativeWebResponse..ctor(NativeHttpClient httpClient, NativeWebRequest request) at Spotfire.Dxp.Framework.HttpClient.WinHttp.WinHttpWebRequest.GetResponseCore() at Spotfire.Dxp.Framework.HttpClient.NativeWebRequest.GetResponse()
This error will continue to appear in the Web Player logs and the bookmark changes will still appear to be present and be accessible in the Web Player until those invalid bookmark changes are flushed from the Web Player, usually upon a Web Player application restart. At this point, the invalid bookmarks will have disappeared and will not be visible to users any longer.
Cause:
The bookmark permissions for a particular analysis file are managed with the following properties, as managed in the TIBCO Professional Client:
- Edit > Document Properties > Library tab > All users to add new bookmarks:
- Private bookmarks only (all users)
- Private (all users), public bookmarks (write permissions needed)
- Private and public bookmarks (write permissions needed)
- Private and public bookmarks (all users)
The issue occurs when cached versions of reports are shared between users with differing permissions as defined above. (The underlying data tables are shared, if applicable, whenever duplicate requests can make use of an existing cached item.) The cause of the issue is an incorrect association of these cached documents between user sessions. So if a user with permission to create bookmarks opens the analysis, then subsequent users will share that first user's bookmark permissions, even if those subsequent users' login credentials are not allowed to create bookmarks.
Apply the appropriate hotfix for your TIBCO Spotfire Web Player version:
- TS 4.5.2 HF-019
- TS 5.0.2 HF-018
- TS 5.5.1 HF-012
- TS 6.0.1 HF-007
- TS 6.5 HF-002
- Hotfix downloads (TIBCO Support Portal):