Project

General

Profile

Bug #843

Any available lookup displayed - permissions are not respected

Added by secure diversITy about 10 years ago.

Status:
New
Priority:
High
Assignee:
-
Target version:
-
Start date:
09/17/2014
Due date:
% Done:

0%


Description

Hi

first of all thx for your great tool! Unfortunately it is not usable for us :-/

We have th need of a very strict access control. When the user has access to the Lookup Editor he can view ANY available lookup file and well thats not what makes sense in our opinion because you can bypass the permissions when allowing the user to view the lookup editor app. Yes you can not SAVE a file when you have not the permission but you can see the content!

That means a user can access information which he normally can NOT access because it will be displayed by the Lookup Editor app.

Expected behaviour:
Only the lookups the user have permissions to are displayed in lookup editor.

Also available in: Atom PDF