  1. Jenkins
  2. JENKINS-72511

Folder auth plugin multiple SID input ambiguity.


    • Bug
    • Resolution: Unresolved
    • Minor
    • folder-auth-plugin
    • None

      It looks like this plugin blindly accepts input for a list of SIDs to assign to a role of all kinds which is malformed. It will blindly accept input of the form 'sidX, sidY, sidZ' and I think interpret this as one SID of the entire string, rather than three separate SIDs to add, separated by commas.

      It's kinda dumb and I should have known better from the outset because the input box says 'SID' (singular). The list of SIDs granted access is given under a heading of 'SIDs' above the input box in comma-separated form. The temptation of course is to cut and paste the list of SIDs from one policy into a new one, etc.

      The problem is that in the UI those two situations are indistinguishable and there is no error emitted when you do provide a comma-separated list to the SID input box. So this could be fixed in three ways I guess:

      • Reject comma-separated lists of SIDs in that input box.
      • Allow comma-separated SIDs and process them as lists, not one SID with spaces and commas in it.
      • Change the UI to list out the individual SIDs differently (e.g. enquoted, or one-per-line) so you can clearly see if this problem has manifested itself.

      Even just the existence of this bug report so other people can find it out in future could be considered some kind of resolution in itself I suppose.

      I'm afraid my Java skills are not quite up to interpreting the code quickly enough to submit an MR/PR to fix this, but maybe another day. It would probably be better all round if someone more familiar with Java did so though.

      PS. As an aside the error handling when the policy name is too long is not great. It just spews some HTML code into a pop-up box, rather than emitting a sensible error message. Also there is no way to add or remove controls from a policy after creation (only view) so the plugin rather leads you towards this hacky method of cloning a policy when you need to make minor alterations.

            abhyudaya Abhyudaya Sharma
            kyrian Kev
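
The three fixes proposed in the report, sketched side by side as an added example (not code from folder-auth-plugin or from the reporter). The class `SidInput` and its methods are hypothetical names, and the sketch assumes a comma never occurs in a legitimate SID in your security realm.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: hypothetical names, not the plugin's API.
// Assumption: no legitimate SID contains a comma.
public class SidInput {

    /** Option 1: the field holds exactly one SID; refuse anything that looks like a list. */
    static String parseSingle(String raw) {
        String sid = raw == null ? "" : raw.trim();
        if (sid.isEmpty()) {
            throw new IllegalArgumentException("SID must not be empty");
        }
        if (sid.indexOf(',') >= 0) {
            throw new IllegalArgumentException("enter one SID at a time, got " + quote(sid));
        }
        return sid;
    }

    /** Option 2: accept a comma-separated list and return each SID as its own entry. */
    static List<String> parseList(String raw) {
        List<String> sids = new ArrayList<>();
        for (String part : (raw == null ? "" : raw).split(",")) {
            String sid = part.trim();
            if (!sid.isEmpty() && !sids.contains(sid)) { // drop blanks and duplicates
                sids.add(sid);
            }
        }
        if (sids.isEmpty()) {
            throw new IllegalArgumentException("no SID given");
        }
        return sids;
    }

    /** Option 3: quote each stored SID so one entry with commas is visibly one entry. */
    static String render(List<String> sids) {
        List<String> quoted = new ArrayList<>();
        for (String sid : sids) {
            quoted.add(quote(sid));
        }
        return String.join(", ", quoted);
    }

    static String quote(String s) {
        return "\"" + s.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    public static void main(String[] args) {
        String pasted = "sidX, sidY, sidZ"; // the input form quoted in the report
        System.out.println("stored as pasted: " + render(List.of(pasted)));
        System.out.println("stored as a list: " + render(parseList(pasted)));
    }
}
```

Running `render` over SIDs already saved in existing roles also works as an audit: any quoted entry that contains a comma was most likely pasted as a list and grants access to nobody it was meant for.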