SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

User role access to databases #90

Closed bfuzzy1 closed 2 years ago

bfuzzy1 commented 4 years ago

Is there a straightforward way to prevent the "user" role from being able to manipulate the databases in the web UI? Ideally, users within the "user" role would not need to make database changes like that in my case.

Any solutions would be appreciated.

thebleucheese commented 4 years ago

There's currently no way to restrict this. On the AuthN and AuthZ roadmap, we're working through authentication improvements & SSO support right now, which will be followed by local 2FA support and then more granular access control, which will cover scenarios like this.

bfuzzy1 commented 4 years ago

@thebleucheese got it. Do you guys have an ETA for that release?

thebleucheese commented 4 years ago

> @thebleucheese got it. Do you guys have an ETA for that release?

Not currently. The SSO & Authentication improvements are next and our focus is currently on testing and delivery for that. Everything mentioned that follows hasn't had enough analysis to estimate a release date.

bfuzzy1 commented 4 years ago

Ok, thank you.

carlvonderheid commented 2 years ago

This should be addressed in 8.2.0. We will provide more documentation soon, but there are some DB Policies available.