OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

User confidence level is only reflective of the original group's confidence level to which the user was added and not a newer group with a higher level of confidence #9090

Open nhuber0724 opened 2 days ago

nhuber0724 commented 2 days ago

Description

When a user is added to one group with one level of confidence and is later added to another group with a higher level of confidence, the platform will defer to the original confidence level and will not reflect the higher level confidence of the newly added group. As a result, the user is unable to take action on entities with a higher confidence level than the confidence level in the original group.

Environment

OpenCTI v6.4

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a user and add the user to a group with a specific level of confidence.
  2. Log in, using another browser, with the user created in step 1.
  3. Try to modify an entity with a higher level of confidence than listed in the group assigned in step 1. The platform won't allow the action.
  4. Add the user to another group with a higher level of confidence than the first group.
  5. Log out and log back in with that user.
  6. You will see under the user, the level of confidence still reflects the confidence level of the original group rather than the more recent group added with the higher level of confidence. As a result, the user will not be able to take action on an entity with the confidence level reflected in the more recent group.

Expected Output

The user's confidence level should reflect the recently added group's confidence level (which has a higher level of confidence).

Actual Output

The user's confidence level reflects the original group's confidence level.


Kedae commented 1 day ago

From my understanding, this is the expected behavior: confidence level is computed from the lowest of the groups of the user.

jasonniver commented 17 hours ago

If the user logs in with two groups, one with, say, 80 and one with 100 confidence, they will get the 100 confidence, which would seem to indicate that the expected behavior of membership in multiple groups is to pick the highest confidence.

Higher confidence being the winner also seems to be the logical approach. Take for instance you have an "everyone" group in your OIDC provider, and you map that to a group that has a very low confidence score to give some access. If the system always picks the lowest confidence, then there would be no way to bump a user's confidence by adding them into a group (like analysts, incident responders, etc).

It seems more that the user's confidence is locked when the account is created; it ignores changes after the fact.
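The three readings of the behaviour raised in this thread, checked against the two reported observations. This is an added example, not OpenCTI code and not any commenter's: the rule names, the `history` shape and the 40/80 levels in the first case are constructed, and it assumes the 80/100 user held both groups when the account was first created.

```javascript
// Hypothetical model of the thread's three hypotheses (not OpenCTI's implementation).
const maxOf = (groups) => Math.max(...groups.map((g) => g.confidence));
const minOf = (groups) => Math.min(...groups.map((g) => g.confidence));

// history[0] = groups held at account creation; later entries = groups added afterwards.
const rules = {
  highestGroupWins: (history) => maxOf(history.flat()),
  lowestGroupWins: (history) => minOf(history.flat()),
  lockedAtCreation: (history) => maxOf(history[0]), // later additions are ignored
};

// Observations from the thread. Levels 40 and 80 in the first case are constructed;
// the issue only says "a higher level of confidence".
const observations = [
  {
    name: 'higher group added after creation (issue steps 1-6)',
    history: [[{ name: 'original', confidence: 40 }], [{ name: 'newer', confidence: 80 }]],
    observed: 40,
  },
  {
    name: 'two groups at login, 80 and 100',
    history: [[{ name: 'everyone', confidence: 80 }, { name: 'analysts', confidence: 100 }]],
    observed: 100,
  },
];

// Names of the observations a rule fails to reproduce.
function mismatches(ruleName) {
  return observations
    .filter((o) => rules[ruleName](o.history) !== o.observed)
    .map((o) => o.name);
}

// Rules that reproduce every observation.
function consistentRules() {
  return Object.keys(rules).filter((r) => mismatches(r).length === 0);
}

for (const r of Object.keys(rules)) {
  const failed = mismatches(r);
  console.log(`${r}: ${failed.length ? 'contradicted by ' + failed.join('; ') : 'consistent'}`);
}
```

A regression test for a fix would assert that the first case returns the newer group's level once membership changes, without recreating the account.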