Hello, since the V12.5.1 update, there is a problem with the visibility of assignments and assignments on activities and meetings despite no changes to profiles or profile rights.
Yes, security has been reinforced.
If profile has no access to a given screen, he cannot acces items of this Class.
We just found (this morning) that this may have unexpected behavior in some cases, as some configurations may use this security leak.
if UserX has default profile P1 and is allocated to project Y with profile P2.
Profile P1 can see screen of object O (defined in habilitation) and P2 cannot see it, but with acces to data, P1 can see "items of his projects" and P2 also.
Before the fix, UserX could access to Objects of class O on project Y, depite the fact that profile P2 has not access to Screen of objects O.
So this is due to misconfiguration of access rights on the allocation profile.
We are working on workaround to loosen constraints but keep security enforced.
So if default profile of user X gives him access to screen of Object O, we won't systematically block access to data of projects where user has profile with no access to the screen.
It is the access to data that will tell if user can see item or not.
En poursuivant votre navigation, vous acceptez le dépôt de cookies tiers destinés au bon fonctionnement et à la sécurisation du site (gestion de session, reCaptcha) et à une analyse statistique anonymisée des accès sur notre site (Google Analytics). Si vous vous inscrivez, les informations que vous fournirez ne seront jamais divulguées à un tiers sous quelque forme que ce soit. En savoir plus
Cookies settings
×
Functional Cookies
Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.
Session
Please login to see yours activities!
Other cookies
Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.
Support us on Capterra
