Can't save changes on dublicated Access Policies and Policy Templates

Quote from: 9thwave at Sep 07, 2011, 07:25 PM

I can see the database-truncate setting in Access Controls/Policy Templates if i right click on AdministratorTemplate....but i do i just remove this altogether?

Hi 9thwave

To remove a permission
- from Policy Template: rightclick on it an choose 'remove', then save it.
- from Access Policy: uncheck it, then save it.

Hope that helps.

Hi Webaff,

Thanks very much...removing database_truncate fixes the issue.
All i need to do now is find out why the package management doesn't work and i'll be able to run revo successfully on my web server:-)

This sounds like an issue being caused by mod_security filtering on your server. In all likelihood, it is seeing the word "truncate" and not allowing the POST to ever make it to the server to save the changes.

so whatever mod_security is being triggered could be turned off, is that correct?

Some hosts allow the filtering to be configured (or turned off) via .htaccess rules, some don't. It really depends on your hosting environment on whether you can modify this.

Thanks, opengeek, for clearing that up.
I'll contact my hosting provider for that purpose.

But what is 'database_truncate' for anyway?
Where is this permission needed?
Is it a bad idea to let it deactivated?

Truncating a database table means to empty it of all it's records. This is a pretty dangerous SQL command to allow in a web application and is likely why they have a filter for any POST values with this string in it. However, it is used to let MODX administrators empty certain log tables that can become bloated over time, or to flush all session records in the database. It is not critical to typical workflow in MODX, but you might miss it if you need to empty the manager log table or reset everyone's session.

Didn't see this 13 months ago. In all that time I could not save an updated duplicate access policy. Could not even rename a duplicated access policy in Modx Revolution. Tried again today and got a new form of weirdness when trying just to rename a duplicate access policy in MODX Revolution 2.2.4-pl traditional - after clicking "Save" the "Save Successful" doesn't show (hasn't shown for the past 13 months) and suddenly styling from the main website starts making a mess of the manager and whatever I click takes me out of the manager to the front end of the website.

The solution (as mentioned above): Go to Security -> Access Controls -> Policy Templates, then right-click database_truncate and delete it, then save.

Feels a bit scary, but it does the trick. All weirdness disappears and you can update duplicated access policies normally henceforth.

A massive thanks to 9thwave, webaff and opengeek for finding the solution.