xmnlab
commented
2 years ago @eduardocorrearaujo do we still have this security issue?
Open eduardocorrearaujo opened 2 years ago
xmnlab
commented
2 years ago @eduardocorrearaujo do we still have this security issue?
xmnlab
commented
2 years ago I think that any change to the shared datasets should be done via scripts or something similar, something that we can have a history and maybe that can be reused locally.
fccoelho
commented
2 years ago Is this still an issue @eduardocorrearaujo ? can we close it?
I'm creating this issue to us discuss some points to ensure the security of our database and avoid problems.
For example, anyone with an account in the epigraphhub is able to delete some dataset, change the name of the dataset or the columns and this can configure a problem since someone for mistakes could drop a table or change something that could result in an error in dashboards and codes created to analyze this data.
Analyzing this situation only from the point of view of the dashboards and codes, we could only don't allow these tables to be changed by anyone, being necessary a specific user, or some kind of review before this be done.
But, I think that needs to exist another kind of restriction to drop and edit any table.
For example, for the Switzerland dashboard, we have data from FOPH and some geo data used to create a map. This data shouldn't be changed or deleted by anyone, only by the
adminor other high position users.Also, the data created to plot the forecasts should only be edited or dropped, by me, Flavio, or some other person working on the project.
I would like to know what are your thoughts about it.