Bug #843: Any available lookup displayed - permissions are not respected - Lookup Editor - LukeMurphey.net

Bug #843

Any available lookup displayed - permissions are not respected

Added by secure diversITy over 9 years ago.

Status:

New

Priority:

High

Assignee:

Target version:

Start date:

09/17/2014

Due date:

% Done:

Description

first of all thx for your great tool! Unfortunately it is not usable for us :-/

We have th need of a very strict access control. When the user has access to the Lookup Editor he can view ANY available lookup file and well thats not what makes sense in our opinion because you can bypass the permissions when allowing the user to view the lookup editor app. Yes you can not SAVE a file when you have not the permission but you can see the content!

That means a user can access information which he normally can NOT access because it will be displayed by the Lookup Editor app.

Expected behaviour:
Only the lookups the user have permissions to are displayed in lookup editor.

Also available in: Atom PDF

Project

General

Profile

Splunk Apps » Lookup Editor

Issues

Custom queries

Bug #843

Any available lookup displayed - permissions are not respected