After the publication of LangGraph, several items have arisen for correcting and improving the management of security restrictions in the assistant configurations.
They are the following:
Permissions in "WebHooks" Tab in "Skill/Tool" window:
Check the data access level so that a user with "Group Admin" permissions or less can only read the webhook information in the WebHooks tab and cannot change it. The behavior should be the same as the header of the Skill/Tool window.
Adjust assistant selector in "Assistant Access" window: Check why assistants cannot be selected as System Administrator.
Add validation to selector in "Team Member" tab in "LangGraph" assistants.
Add validation to selector in "assistant" tab in "process request" window when a call to an assistant is configured.
Solution design
Check that the data access level of the etcop_tool_wbhk table is equal to that of etcop_tool. Check whether it has any other configuration to restrict access.
Check the validation of the assistant selector in the "Assistant Access" window so that assistants can be selected as System Administrator.
Add the aforementioned validation in the "Team Member" tab in "LangGraph" assistants.
Add the aforementioned validation in the "assistant" tab in the "process request" window when a call to an assistant is configured.
Use Cases
Given that I am a user with "Group Admin" or less permissions
When I try to access the WebHooks tab in the Skill/Tool window
Then I can only read the information of the webhooks. I cannot modify or delete any webhook.
Given that I am a user with "System Administrator" permissions
When I try to select assistants in the "Assistant Access" window
Then I can select assistants.
Given that I am a user with "Group Admin" or less permissions
When I try to select assistants in the "Team Member" tab in "LangGraph" assistants
Then I can only select assistants that I have access to.
Given that I am a user with "Group Admin" or less permissions
When I try to select assistants in the "assistant" tab in the "process request" window when a call to an assistant is configured
Then I can only select assistants that I have access to.