Posted

I'm playing around with a test case I've set up and have noted something that is of concern.

 

I created a user type 'Batch Reviewer' and only gave them access to a case and the review tab. Looks good: they can log in and see all the batches but can only access those assigned to them. However, they do have access to the preferences 'cog wheel', which also gives them full access to alter/delete/add coding layouts.

 

I would suggest adding a new permission that we can grant/revoke for 'access to preferences options' so we can lock that down. 

  • 1 month later...
Posted

There is a further security issue with having access to coding layout preferences. You can see coding layouts created for other cases (that you may not have been granted access to).

 

For example, if I created a coding layout with tags relevant to a child protection case:

 

relates to suspect john smith

relates to suspect peter jones

Contains Cat 1 images

etc

 

Then a totally separate case (on the same connect server) needs to set up batches for their, say, fraud investigation; they can import the same coding layout and tags.

 

The creation of the coding layout available for a specific case needs to be a global system administrator role (or don't share coding layouts across cases).

 

Any chance that this would be interim fixed and that you can issue a patch?

 

Best regards

 

Jason

 

 

Posted

Jason, I think a quick patch won't be possible here as that is how we designed Coding Layouts to work and as a result such changes will have a vast impact on the tool. I understand your claim and I'll think about a better solution to tackle this, however it won't be a quick fix.
