Only allow users with elevated permissions to download a dump #707
Assignees
Milestone
Comments
kwin
added a commit
that referenced
this issue
May 3, 2024
This format is compatible with https://helpx.adobe.com/enterprise/using/bulk-upload-users.html#csv-format Fix Web Console deployment with sling-m-p This closes #703 This closes #443 This closes #707
kwin
added a commit
that referenced
this issue
May 7, 2024
This format is compatible with https://helpx.adobe.com/enterprise/using/bulk-upload-users.html#csv-format Fix Web Console deployment with sling-m-p This closes #703 This closes #443 This closes #707
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It is possible to download a dump file via the Touch UI page: https://github.com/Netcentric/accesscontroltool/blob/develop/docs/ApplyConfig.md#touch-ui
Due to the page
/mnt/overlay/netcentric/actool/content/overview.html/actoolbeing accessible to almost everyone it is possible to get insights about permissions and groups being set up on the system even for users which don't have read access on the relevant repository paths.In order to prevent circumventing the user's permissions the export/dump functionality should only be exposed to users which are also allowed to apply AC Tool configurations (i.e. ones which have access to the Felix Web Console)
The text was updated successfully, but these errors were encountered: