[WT-9842] [Security]-[Authorization Failure] Employee & Company Admin can access the 'Dashboard Configuration' page over the URL. - Workterra Jira

XML

Word

Printable

Details

Type: Bug
Status: In Development
Priority: Medium
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Platform
Labels:
None

Environment:

Production, Stage, QA
Bug Type:
Functional
Bug Severity:
Medium
Level:

Admin, Employee
Module:
Platform - Security
Reported by:
Harbinger
Company:
All Clients/Multiple Clients
Item State:
Development - On Hold
Issue Importance:
Q2
Browser:

Google Chrome
Sprint:
WT Sprint 33-Bugs

Description

[Security]-[Authorization Failure] Employee & Company Admin can access the 'Dashboard Configuration' page over the URL.

Replication Steps:
1. Login as Partner in workterra
2. Go to Company Dashboard page.
3. Copy the URL.
4. Login as Employee or Company Admin in other browser
5. Paste the URL for Employee or Company Admin to access.

Actual result:
Employee & Company Admin can access the Dashboard Configuration Settings page and can update the Employee level settings

Expected Result:
If the access is allowed then, "Dashboard Configuration" should be listed in Menu Items for Company Admin and Employee
It the access not allowed then "Unauthorized Access" page should be displayed.

Issue tested on Azure and Stage.

CC : Rakesh Roy Samir

Attachments

Issue Links

relates to

NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

To Do

Activity

People

Assignee:: Vijayendra Shinde (Inactive)

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Jun/17 01:08 PM

Updated:: 15/Dec/20 02:53 AM

Resolved:: 05/Jul/17 11:46 AM

Dev Due Date:: 26/Jul/2017

Time Tracking

Estimated:

Remaining:

Logged:

49h