Folder security violations
Resolved
Hi,
On more than one occasion now a user from a client tenant has been able to modify a report that is 1) in the Default tenant and shared amongst client tenants, and 2) in a folder that restricts non-admin users to Read only.
The users definitely weren't part of the Admin group, so they should not have been able to edit the report.
Is there any explanation for what we're seeing? How can we prevent it in the future?
We're running Yellowfin 7.4 Build 20180824.
Regards,
Bogdan.
The same problem 
Hi Bogdan,
Thanks for reaching out. I'm unable to replicate this thus far. I gave a Client Org user Read-only access to a Content Folder and do indeed only have Read access:
If you've already ensured that the Read-only group is set to the appropriate Content Folder that the report in question is located within, and that the corresponding user is indeed in said group, I guess the next question would be: what happens if you try to access the report from that users account right now? Do they only have Read access?
Regards,
Mike
Hi Bogdan,
Thanks for reaching out. I'm unable to replicate this thus far. I gave a Client Org user Read-only access to a Content Folder and do indeed only have Read access:
If you've already ensured that the Read-only group is set to the appropriate Content Folder that the report in question is located within, and that the corresponding user is indeed in said group, I guess the next question would be: what happens if you try to access the report from that users account right now? Do they only have Read access?
Regards,
Mike
Hi Bogdan,
I just wanted to check in and see how things are going with this.
Regards,
Mike
Hi Bogdan,
I just wanted to check in and see how things are going with this.
Regards,
Mike
Hi Bogdan,
I'm going to go ahead and mark this one as Resolved since I haven't heard back from you, but if you have further questions or concerns on this, if you respond, it will re-open the case and put it back in my queue and I'll be happy to help.
Regards,
Mike
Hi Bogdan,
I'm going to go ahead and mark this one as Resolved since I haven't heard back from you, but if you have further questions or concerns on this, if you respond, it will re-open the case and put it back in my queue and I'll be happy to help.
Regards,
Mike
Replies have been locked on this page!