Question

Attachment view security - Urgent (Maybe bug)

Hi,

I use CMIS integration in one of my app. I have configured an access when rule in attachment category. For test scenarios;

  • Added "never" to view the attachment.
  • Clicked on an attachment in case attachments section and pop-up is showed up which indicates lack security(OK)
  • Clicked edit attachment.
  • Opened version history.
  • Clicked attachment name.
  • Attachment is downloaded.(Fail, maybe bug)
  • Attached a new document using pulse.
  • Clicked attachment in Pulse feed.
  • Attachment is displayed and downloadable.(Fail, maybe bug)

In addition, I have customized pyCanDisplayAttachments when rule and it works on Case Attachments section. But when that rule is false, I can still see the attachments in Pulse feed. (Maybe this is a bug also)

I hope you can understand my test scenarios. The app is very dependent on security rules. How can I fix those behaviors? Should I raise an SR?

Thank you.

Version 7.4

***Edited by Moderator Marissa to update Content Type from Discussion to Question***

***Edited by Moderator Marissa to update SR Details***

Group Tags

Comments

Keep up to date on this post and subscribe to comments

August 22, 2019 - 9:03am

Hi Engincan,

I would suggest opening up an SR.  When you do, please provide screenshots of your setup and scenario so the engineer can review those details.  Also, reply back here with the SR#.

August 23, 2019 - 2:30am
Response to BradTainter_GCS

SR is opened: SR-D40424