Netcentric / accesscontroltool

Rights and roles management for AEM made easy
Eclipse Public License 1.0

Only allow users with elevated permissions to download a dump #707

Closed kwin closed 5 months ago

kwin commented 5 months ago

It is possible to download a dump file via the Touch UI page: https://github.com/Netcentric/accesscontroltool/blob/develop/docs/ApplyConfig.md#touch-ui

Due to the page /mnt/overlay/netcentric/actool/content/overview.html/actool being accessible to almost everyone, it is possible to get insights about permissions and groups being set up on the system even for users who don't have read access on the relevant repository paths.

In order to prevent circumventing the user's permissions, the export/dump functionality should only be exposed to users who are also allowed to apply AC Tool configurations (i.e. ones who have access to the Felix Web Console).
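One way to gate the dump endpoint on the condition the issue asks for, as an added illustration that is not AC Tool's own code: a hypothetical guard that fails closed and only admits the `admin` user or members of the group the Sling Web Console security provider admits by default (assumed here to be `administrators`; the class, method names and group name are assumptions).

```java
import java.io.IOException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletResponse;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;

/** Hypothetical guard for a dump servlet; not part of AC Tool. */
public final class DumpAccessGuard {

    // Assumption: same group the Sling Web Console security provider admits by default.
    static final String WEB_CONSOLE_GROUP = "administrators";

    private DumpAccessGuard() {}

    /** True only for admin or members of the web console group; anything else is denied. */
    static boolean mayDownloadDump(Session session) throws RepositoryException {
        if (!(session instanceof JackrabbitSession)) {
            return false; // cannot inspect group membership, so fail closed
        }
        UserManager um = ((JackrabbitSession) session).getUserManager();
        Authorizable user = um.getAuthorizable(session.getUserID());
        if (user == null) {
            return false;
        }
        if ("admin".equals(user.getID())) {
            return true;
        }
        Authorizable group = um.getAuthorizable(WEB_CONSOLE_GROUP);
        return group instanceof Group && ((Group) group).isMember(user);
    }

    /** Call first in the dump servlet's doGet; returns false after sending 403. */
    static boolean enforce(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        Session session = request.getResourceResolver().adaptTo(Session.class);
        try {
            if (session != null && mayDownloadDump(session)) {
                return true;
            }
        } catch (RepositoryException e) {
            // any repository error is treated as a denial
        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
}
```

The check runs against the requesting user's own session, so it cannot be bypassed by a dump implementation that internally uses a service user to read the repository.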