Folder security violations

Bogdan Kiselitsa shared this problem 1 week ago
Awaiting Reply

Hi,

On more than one occasion now a user from a client tenant has been able to modify a report that is 1) in the Default tenant and shared amongst client tenants, and 2) in a folder that restricts non-admin users to Read only.

The users definitely weren't part of the Admin group, so they should not have been able to edit the report.

Is there any explanation for what we're seeing? How can we prevent it in the future?

We're running Yellowfin 7.4 Build 20180824.

Regards,

Bogdan.

Comments (1)

photo
1

Hi Bogdan,

Thanks for reaching out. I'm unable to replicate this thus far. I gave a Client Org user Read-only access to a Content Folder and do indeed only have Read access:

/D5iHHXfSjUzpAAAAAElFTkSuQmCC

If you've already ensured that the Read-only group is set to the appropriate Content Folder that the report in question is located within, and that the corresponding user is indeed in said group, I guess the next question would be: what happens if you try to access the report from that users account right now? Do they only have Read access?

Regards,

Mike