Attachment view security - Urgent (Maybe bug)
I use CMIS integration in one of my app. I have configured an access when rule in attachment category. For test scenarios;
- Added "never" to view the attachment.
- Clicked on an attachment in case attachments section and pop-up is showed up which indicates lack security(OK)
- Clicked edit attachment.
- Opened version history.
- Clicked attachment name.
- Attachment is downloaded.(Fail, maybe bug)
- Attached a new document using pulse.
- Clicked attachment in Pulse feed.
- Attachment is displayed and downloadable.(Fail, maybe bug)
In addition, I have customized pyCanDisplayAttachments when rule and it works on Case Attachments section. But when that rule is false, I can still see the attachments in Pulse feed. (Maybe this is a bug also)
I hope you can understand my test scenarios. The app is very dependent on security rules. How can I fix those behaviors? Should I raise an SR?
***Edited by Moderator Marissa to update Content Type from Discussion to Question***
***Edited by Moderator Marissa to update SR Details***
Keep up to date on this post and subscribe to comments
- Is there a property (maybe in ootb) to express the count/number of pages of a list/group?
- PRPC Security- RuleInstances can be applied to...
- Security- Users/Hackers are able to get the active connection list using PRTraceServlet URL
- Information Security- Session management
- IS there a bug for set attachment category in the Attach content control?