Name: PK30573
=============
 
Summary:
   'user' role users may store JSR 168 portlet preferences 
 
Problem Description:
   If a JSR 168 compliant portlet allows to store portlet preferences in VIEW mode, users with 'user' role only on the page are allowed to store portlet preferences and will change portlet preferences for all users in this role (they can change shared data). This must not be allowed.
   
 
Problem Solution:
   
   Code was removed: As a performance optimization, the CreatePortletShadowCommand was changed to not throw a missing access rights exception in the "mock" mode. This introduced the problem described. The optimization was removed as it constitutes a bug.
   
 
Failing Module(s):
   Customization
 
Affected Users:
   All users
 
Version Information:
    Portal Version(s): 6.0.0
     Pre-Requisite(s): 
      Co-Requisite(s): ---
 
Platform Specific:
   This fix applies to all platforms.
 
Installation:
   NOTE:  YOU MUST FIRST DOWNLOAD THE UPDATE INSTALLER TOOL IN ORDER TO INSTALL A FIX.
          The Portal Update Installer can be downloaded from the following link:
          http://www.ibm.com/software/genservers/portal/support
 
   1. Create temporary "fix" directory to store the jar file.
   2. Copy jar file to this directory.
   3. Shutdown WebSphere Portal.
   4. Follow the fix installation instructions that are packaged with
      the Portal Update Installer on how to install the fix.
   5. Restart WebSphere Portal.
   6. The temporary directory may be removed.
 
Un-Installation:
   NOTE:  FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED.  DO NOT REMOVE
          A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED.
          YOU MAY REAPPLY ANY REMOVED FIX.
 
   1. Shutdown WebSphere Portal.
   2. Follow the instructions that are packaged with the
      Portal Update Installer on how to uninstall the fix.
   3. Restart WebSphere Portal.