Esri / arcgis-enterprise-sdk-resources

Apache License 2.0

Portal Group Name is not sufficient for user authorization #33

Open zjankovsky opened 1 year ago

zjankovsky commented 1 year ago

Hello, I am trying to create an SOI for a user accessing different features based on their portal group. Something like your examples NetLayerAccessSOI or NetOperationAccessSOI.

But I figured out that access according to Portal Group Name is not sufficient: anybody with the User role on the portal or higher can create a group with the same name and therefore grant access to some resources based on this.

This is quite a big security issue. I didn't find a way to access Portal group IDs - which are unique in .NET SOI. Or does anybody have another way to uniquely identify Portal groups?

Thank you.
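
The name collision described in this issue, as an added C# example that is not part of the original post or of Esri's SOI samples: a title-based check beside a check against an allow-list of unique group IDs. The `PortalGroup` type, the `GroupAuthorization` class and all sample values are hypothetical, and the example assumes the caller's group memberships, including each group's ID, are already available to the code; how an SOI would obtain them is not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical model of one group membership: unique id, free-text title, owner.
public record PortalGroup(string Id, string Title, string Owner);

public static class GroupAuthorization
{
    // Name-based check as described in the issue: any group carrying the
    // expected title matches, no matter who created it.
    public static bool IsAllowedByTitle(IEnumerable<PortalGroup> userGroups, string requiredTitle) =>
        userGroups.Any(g => string.Equals(g.Title, requiredTitle, StringComparison.OrdinalIgnoreCase));

    // ID-based check: only groups whose unique id is on the administrator's
    // allow-list match; the title is never consulted.
    public static bool IsAllowedById(IEnumerable<PortalGroup> userGroups, ISet<string> allowedGroupIds) =>
        userGroups.Any(g => allowedGroupIds.Contains(g.Id));

    public static void Main()
    {
        // Constructed sample data; ids, titles and user names are placeholders.
        var intendedGroup = new PortalGroup("GROUP-ID-0001", "Editors", "portaladmin");
        var sameNameGroup = new PortalGroup("GROUP-ID-9999", "Editors", "user_b");

        // user_a was added to the intended group by an administrator.
        var userA = new List<PortalGroup> { intendedGroup };
        // user_b only belongs to a group they created with the same title.
        var userB = new List<PortalGroup> { sameNameGroup };

        var allowedIds = new HashSet<string> { intendedGroup.Id };

        // The title check cannot tell the two groups apart; the id check can.
        Console.WriteLine($"title check: user_a={IsAllowedByTitle(userA, "Editors")} user_b={IsAllowedByTitle(userB, "Editors")}");
        Console.WriteLine($"id check:    user_a={IsAllowedById(userA, allowedIds)} user_b={IsAllowedById(userB, allowedIds)}");
    }
}
```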