Connect Reviewer Access control


AdamS

I'm playing around with a test case I've set up and have noted something that is of concern.

 

I created a user type 'Batch Reviewer' and only gave them access to a case and the review tab. Looks good: they can log in and see all the batches but can only access those assigned to them. However, they do have access to the preferences 'cog wheel', which also gives them full access to alter/delete/add coding layouts.

 

I would suggest adding a new permission that we can grant/revoke for 'access to preferences options' so we can lock that down. 


  • 1 month later...

There is a further security issue with having access to coding layout preferences. You can see coding layouts created for other cases (that you may not have been granted access to).

 

For example, if I created a coding layout with tags relevant to a child protection case:

 

relates to suspect john smith

relates to suspect peter jones

Contains Cat 1 images

etc

 

Then, when a totally separate case (on the same Connect server) needs to set up batches for their, say, fraud investigation, they can import the same coding layout and tags.

 

The creation of the coding layout available for a specific case needs to be a global system administrator role (or don't share coding layouts across cases).

 

Any chance that this could be fixed in the interim and that you can issue a patch?

 

Best regards

 

Jason

 

 
