Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-20456

nx-search-read privilege gives ability to see all

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 3.17.0, 3.18.0
    • Fix Version/s: None
    • Component/s: Search, Security
    • Labels:
      None
    • Environment:
      Chrome MacOSX

      Description

      I noticed that granting a user the nx-search-read privilege but no other privilege gives them the ability to see every component in NXRM on the default and custom screens (the format specific searches are hidden with just this setup).
      My expectation was that they would only be able to see things that they have repository-browse privilege for.

      ADDENDUM: Damian Bradicich was curious if I added limited browse-view privileges if it limited it to the items you had permissions for. Which it does seem to. So this is limited issue to when you just have just nx-search-read.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              jtom Joe Tom
              Last Updated By:
              Joe Tom
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title