I created a user who can only access a TAXII collection in order to share data. I have a Role containing only one capability: Access Data Sharing (and nothing else).
He can access the TAXII collection, as desired.
But he can also access the interface. This isn't a problem, because he can't see anything.
However, he can click on the “Data > Data sharing” menu.
When he does this, two problems arise:
He sees the page for a quarter of a second, and therefore sees the existing Live streams (which shouldn't be possible).
He is thrown out of the platform rather than getting a “you are not authorized to access this screen” error message.
Environment
OCTI 6.3.6
Reproducible Steps
Steps to create the smallest reproducible scenario:
Create a user who is part of a group with all markings and with a role containing only "Access data sharing".
Log on to the platform with this user and try to access the “Data > Data sharing” page.
Expected Output
No “Data > Data sharing” button at all
OR
Have it but:
No page preview for a quarter of a second
Get an error message rather than getting thrown out
NB: Even better would be not to be able to log in to the interface ;)