AdamS Posted April 19, 2016 Report Posted April 19, 2016 I'm playing around with a test case I've set up and have noted something that is of concern. I created a user type 'Batch Reviewer' and only give them access to a case and the review tab. Looks good, they can log in see all the batches but can only access those assigned to them, however they do have access to the preferences 'cog wheel' which also gives them full access to alter/delete/add coding layouts. I would suggest adding a new permission that we can grant/revoke for 'access to preferences options' so we can lock that down.
ŁukaszBachman Posted April 20, 2016 Report Posted April 20, 2016 Agreed - we'll add such permission in the next version of Intella Connect.
jcoyne Posted June 2, 2016 Report Posted June 2, 2016 There is a further security issue with having access to coding layout preferences. You can see coding layouts created for other cases (that you may not have been granted access to). For example if I created a coding layout with tags relevant to a child protection case:- relates to suspect john smith relates to suspect peter jones Contains Cat 1 images etc Then a totally separate case (on the same connect server) needs to set up batches for their say fraud investigation, they can import the same coding layout and tags. The creation of the coding layout available for a specific case needs to be a global system administrator role (or dont share coding layouts across cases) Any chance that this would be interim fixed and that you can issue a patch? Best regards Jason
ŁukaszBachman Posted June 7, 2016 Report Posted June 7, 2016 Jason, I think a quick patch won't be possible here as that is how we designed Coding Layouts to work and as a result such changes will have a vast impact on the tool. I understand your claim and I'll think about a better solution to tackle this, however it won't be a quick fix.
Recommended Posts