I created a user who can only access a TAXII collection in order to share data. I have a Role containing only one capability: Access Data Sharing (and nothing else).
He can access the TAXII collection, as desired.
But he can also access the interface. This isn't a problem, because he can't see anything.
However, he can click on the “Data > Data sharing” menu.
When he does this, two problems arise:
He sees the page for a quarter of a second, and therefore sees the existing Live streams (which shouldn't be possible).
He is thrown out of the platform rather than getting a “you are not authorized to access this screen” error message.
Environment
OCTI 6.3.6
Reproducible Steps
Steps to create the smallest reproducible scenario:
Create a user who is part of a group with all markings and with a role containing only "Access data sharing".
Log on to the platform with this user and try to access the “Data > Data sharing” page.
Expected Output
No “Data > Data sharing” button at all
OR
Have it but:
No page preview for a quarter of a second
Get an error message rather than getting thrown out
NB: Even better would be not to be able to log in to the interface ;)
Lhorus6 added the "bug" and "needs triage" labels on Oct 23, 2024