[CKAN-support] Request received: Possible security weakness?
Aaron McGlinchy
McGlinchyA at landcareresearch.co.nz
Wed Aug 27 01:27:42 UTC 2014
Further to my previous message, it seems that if testmember is a member of a group, and that group contains private datasets, then testmember can see the private datatsets via a featured group. If I remove testmember from the group, then they no longer see the private datasets of that group.
Group membership should not be conveying rights to see private datasets exist, that should be governed only by Organisation membership.
Aaron
From: support at ckan.org [mailto:support at ckan.org]
Sent: Wednesday, 27 August 2014 1:22 p.m.
To: Aaron McGlinchy
Subject: Request received: Possible security weakness?
##- Please type your reply above this line -##
Hi Aaron,
Thank you for contacting us.
We strive to respond to all e-mail enquiries as soon as possible.
Thank you for your patience and best wishes!
This email is a service from Open Knowledge. Delivered by Zendesk<http://www.zendesk.com/help-desk-software/?utm_medium=poweredbyzendesk&utm_source=email-notification&utm_campaign=text>.
Message-Id:EAXN2FNB_53fd32b1226d4_6d2f3fd6d2eb3320242804f_sprut
________________________________
Please consider the environment before printing this email
Warning: This electronic message together with any attachments is confidential. If you receive it in error: (i) you must not read, use, disclose, copy or retain it; (ii) please contact the sender immediately by reply email and then delete the emails.
The views expressed in this email may not be those of Landcare Research New Zealand Limited. http://www.landcareresearch.co.nz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/ckan-support/attachments/20140827/caa8646d/attachment-0002.html>
More information about the ckan-support
mailing list