ACL by-passing in license version of XOA | Revenue leakage

[irtaza9]

I was trying to add acl on a user from XO. I have a licensed for my XOA. In paid version you are not allowed to use acl and few more features.

The below image is showing this.

But then I configured the JSON-RPC for the same XOA which is paid and signedin via admin user irtaza.hussain and call acl.add method with required payload. In the payload subject is a normal user of my XO which have no acl applied yet and I want to assign a VM to him and object is the VM which I want to assign him as an admin to the VM.

When I called the acl.add method via irtaza.hussain who is an admin user of same host then I get result: true from the JSON-RPC api - means you can use acl feature in normal licensee too. In a good faith I am sharing this with you so you can perform necessary action accordingly.

After acl being applied to the irtazahussain (db3253f7-94a8-4d5d-91c3-c65896e3c4a0) here is the ss

[plane-sync-vates]

Synced Issue with Plane Workspace 🔄

XO-834 ACL by-passing is license version of XOA | Revenue leakage