OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

TAXII collection not accessible which is created by user on the demo website. #8761

Open NeerajGulia opened 1 week ago

NeerajGulia commented 1 week ago

Description

TAXII collection is not accessible which is created by the user on the demo website. I am able to replicate the same on my local instance of OpenCTI.

Environment

  1. OS: Ubuntu 22.04
  2. OpenCTI version: 6.3.6
  3. OpenCTI client: frontend and python
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Login to the demo website - https://demo.opencti.io/
  2. Go to Data -> Data Sharing
  3. Create TAXII Collection
  4. Disable "public collection"
  5. Do not enter anything in "Accessible for" (I even tried adding group and organization to which user belongs, but still did not work)
  6. Create collection
  7. From the UI click on the collection
  8. It will land user to collection objects - https://demo.opencti.io/taxii2/root/collections/d8c28de9-1a9d-4fbf-a88d-dd16a53af7c4/objects
  9. Gives error - {"title":"You are not allowed to do this.","error_code":"GraphQLError","http_status":500}
  10. Gives the same error if trying to access the collection using the Python TAXII client library - taxii2client

Expected Output

Logged in user should be able to access the TAXII collection for non public collections.

Actual Output

Authentication fails and the user is not able to access the TAXII collection. The collection is accessible only if I use admin credentials, or if I enable "public taxii collection" while creating the TAXII collection.

Additional information

Screenshots (optional)

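As an added check that is not part of the report, the following Python script requests a collection's objects endpoint (the URL from step 8) with a bearer token and classifies the answer, so the user-token and admin-token outcomes can be compared side by side. It assumes the instance accepts an `Authorization: Bearer <token>` header for TAXII requests and uses the error body quoted in step 9 as constructed sample input.

```python
"""Probe an OpenCTI TAXII 2.1 collection with a bearer token and classify the outcome."""
import json
import os
import sys
import urllib.error
import urllib.request
from typing import Tuple

TAXII_ACCEPT = "application/taxii+json;version=2.1"

# Error body quoted in step 9 of the report, embedded here as constructed sample input.
SAMPLE_DENIED_BODY = (
    '{"title":"You are not allowed to do this.","error_code":"GraphQLError","http_status":500}'
)


def classify_taxii_response(status: int, body: str) -> str:
    """Map an HTTP status plus JSON body to 'ok', 'denied', 'unauthenticated' or 'error'.

    The instance in the report answers an authorization failure with HTTP 500 and a JSON
    error object instead of 403, so the body is inspected as well as the status code.
    """
    try:
        data = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return "error"
    if status == 401:
        return "unauthenticated"
    if status == 403 or "not allowed" in str(data.get("title", "")).lower():
        return "denied"
    if status == 200 and "objects" in data:
        return "ok"
    return "error"


def fetch_collection_objects(objects_url: str, token: str, timeout: float = 10.0) -> Tuple[int, str]:
    """GET the objects endpoint with a Bearer token (assumed auth scheme); return (status, body)."""
    req = urllib.request.Request(
        objects_url, headers={"Accept": TAXII_ACCEPT, "Authorization": f"Bearer {token}"}
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:  # non-2xx answers still carry the JSON error body
        return exc.code, exc.read().decode("utf-8", "replace")


def check_access(objects_url: str, token: str) -> str:
    """Fetch the collection objects and return the classified outcome."""
    status, body = fetch_collection_objects(objects_url, token)
    return classify_taxii_response(status, body)


if __name__ == "__main__":
    # Usage: OPENCTI_TOKEN=<user token> python probe.py https://<host>/taxii2/root/collections/<id>/objects
    print(check_access(sys.argv[1], os.environ.get("OPENCTI_TOKEN", "")))
```

Run it once with the affected user's token and once with an admin token; a "denied" for the user and "ok" for the admin reproduces the behaviour described above.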

aHenryJard commented 4 days ago

Hello @NeerajGulia, have you set your own user in "Accessible for"? It should work that way.

NeerajGulia commented 4 days ago

Hello @NeerajGulia, have you set your own user in "Accessible for"? It should work that way.

Hello @aHenryJard, I verified and added my own user in "Accessible for", but it's not working. I even tried adding groups, organizations, etc. as well.

nino-filigran commented 1 day ago

I've reproduced this issue. Only way to access the TAXII is by making it public, which is not desired.