Data sharing with organizations (i.e. organization segregation) does not take into account organizations added to the user by the inference engine.
Environment
OCTI 6.3.13
Reproducible Steps
Steps to create the smallest reproducible scenario:
Create 3 Organization
"New org" organization
"Child" organization which is Child org of "New org" (i.e. create a relation "Child" -> part of -> "New org")
"Parent" organization which is Parent org of "New org" (i.e. create a relation "New org" -> part of -> "Parent")
Activated this inference rule
Create user A with read only capa (i.e. access knowledge) + all marking allowed + part of "New org". With the inference rule, you will have "Parent" org which will also be added automatically.
Create 3 Report
"Child" report, shared with "Child" org
"New org" report, shared with "New org" org
"Parent" report, shared with "Parent" org
Example
Log in with user A and see the list of accessible reports
Expected Output
As I am part of New org (manually added), and Parent (added by inference rule), I hope to see the "New org" and "Parent" reports.
Actual Output
I only see what is shared with "New org", not what is shared with "Parent".
Additional information
If I remove "New org" from the user A, "Parent" is also automatically removed (which is normal). If I now manually add "Parent", then "New org" (so both are added manually, and not thanks to the inference rule) I see the two expected reports. The problem therefore seems that the inferred membership is not taken into account in the segregation by organization.
Additional idea
Shouldn't we have an automatic mechanism (without the need for an inference rule)?
Example:
If I am part of "New org", I inherit from "Parent" (or "Child" I don't know). And so, even if I am not part of "Parent" (or "Child"), I still see the information shared with it.
It's an idea, I don't know if it's desired. But in any case this is currently not the case (you can redo the repro case of this issue, but without activating the inference rule, you will see)
Description
Data sharing with organizations (i.e. organization segregation) does not take into account organizations added to the user by the inference engine.
Environment
OCTI 6.3.13
Reproducible Steps
Steps to create the smallest reproducible scenario:
Example
Expected Output
As I am part of New org (manually added), and Parent (added by inference rule), I hope to see the "New org" and "Parent" reports.
Actual Output
I only see what is shared with "New org", not what is shared with "Parent".
Additional information
If I remove "New org" from the user A, "Parent" is also automatically removed (which is normal). If I now manually add "Parent", then "New org" (so both are added manually, and not thanks to the inference rule) I see the two expected reports. The problem therefore seems that the inferred membership is not taken into account in the segregation by organization.
Additional idea
Shouldn't we have an automatic mechanism (without the need for an inference rule)?
Example:
If I am part of "New org", I inherit from "Parent" (or "Child" I don't know). And so, even if I am not part of "Parent" (or "Child"), I still see the information shared with it.
It's an idea, I don't know if it's desired. But in any case this is currently not the case (you can redo the repro case of this issue, but without activating the inference rule, you will see)