search

LinuxForHealth / FHIR

The LinuxForHealth FHIR® Server and related projects
https://linuxforhealth.github.io/FHIR
Apache License 2.0
321 stars 156 forks source link

Multi-tenancy: Users from a tenant can read data belongs to other tenants #4226

Closed quickbeard closed 1 year ago

quickbeard commented 1 year ago

Describe the bug It seems like in multi-tenancy environment, users from a particular tenant can actually access data belongs to other tenants.

Environment LFH FHIR Helm chart 0.9.1

Expected behavior Users from a particular tenant should not be able to access data from other tenants.

lmsurpre commented 1 year ago

Can you provide more information? If its sensitive in nature, feel free to direct message me on chat.fhir.org

quickbeard commented 1 year ago

Can you provide more information? If its sensitive in nature, feel free to direct message me on chat.fhir.org

Resolved by using multiple databases. Thanks!