TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

More options on linking 2 ORGs #1497

Open JulianBaSi opened 4 years ago

JulianBaSi commented 4 years ago

[Feature Request] More options on linking 2 ORGs

Request Type

Feature Request

Request

When linking two organisations it should be possible to have more options than just linking them. I have two options in mind: (1) linking with a max. TLP and (2) linking with a specific profile.

(1): We have some ORGs with users who are not allowed to see all cases or observables (e.g. those with TLP:red). Currently, when sharing a case, this must be thought of by the analyst who adds this share. It would be nice if this setting could be set on the admin side, making it impossible for an analyst to share a case (or the observables of a case) above the specified TLP.

(2): In our case there are some roles which are not allowed to see anything case-related, but can only use the dashboards. It would be helpful if the admin could link two organisations while setting a specified role/profile. You can already set this option when sharing a case ("Profile"), but doing this globally when linking two ORGs, and not having this done by the analyst, would be nice.

nadouani commented 4 years ago

Hello @JulianBaSi, to prevent a user from sharing cases, make sure his/her role doesn't contain the `manageShare` permission (which is part of the analyst profile we provide by default).

All the multi-tenancy design has been built on top of an assumption: if you belong to an org, you are able to see all the data that it creates, or all the data that has been shared with it.