Folder security violations

Bogdan Kiselitsa shared this problem 5 years ago
Resolved

Hi,

On more than one occasion now a user from a client tenant has been able to modify a report that is 1) in the Default tenant and shared amongst client tenants, and 2) in a folder that restricts non-admin users to Read only.

The users definitely weren't part of the Admin group, so they should not have been able to edit the report.

Is there any explanation for what we're seeing? How can we prevent it in the future?

We're running Yellowfin 7.4 Build 20180824.

Regards,

Bogdan.

Replies (3)

photo
1

Hi Bogdan,

Thanks for reaching out. I'm unable to replicate this thus far. I gave a Client Org user Read-only access to a Content Folder and do indeed only have Read access:

/D5iHHXfSjUzpAAAAAElFTkSuQmCC

If you've already ensured that the Read-only group is set to the appropriate Content Folder that the report in question is located within, and that the corresponding user is indeed in said group, I guess the next question would be: what happens if you try to access the report from that users account right now? Do they only have Read access?

Regards,

Mike

photo
1

Hi Bogdan,

I just wanted to check in and see how things are going with this.

Regards,

Mike

photo
1

Hi Bogdan,

I'm going to go ahead and mark this one as Resolved since I haven't heard back from you, but if you have further questions or concerns on this, if you respond, it will re-open the case and put it back in my queue and I'll be happy to help.

Regards,

Mike

Leave a Comment
 
Attach a file