-
Type: Bug
-
Status: In Development
-
Priority: Medium
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Platform
-
Labels:None
-
Environment:Production, Stage, QA
-
Bug Type:Functional
-
Bug Severity:Medium
-
Level:Admin, Employee
-
Module:Platform - Security
-
Reported by:Harbinger
-
Company:All Clients/Multiple Clients
-
Item State:Development - On Hold
-
Issue Importance:Q2
-
Browser:Google Chrome
-
Sprint:WT Sprint 33-Bugs
[Security]-[Authorization Failure] Employee & Company Admin can access the 'Dashboard Configuration' page over the URL.
Replication Steps:
1. Login as Partner in workterra
2. Go to Company Dashboard page.
3. Copy the URL.
4. Login as Employee or Company Admin in other browser
5. Paste the URL for Employee or Company Admin to access.
Actual result:
Employee & Company Admin can access the Dashboard Configuration Settings page and can update the Employee level settings
Expected Result:
If the access is allowed then, "Dashboard Configuration" should be listed in Menu Items for Company Admin and Employee
It the access not allowed then "Unauthorized Access" page should be displayed.
Issue tested on Azure and Stage.
CC : Rakesh RoySamir
- relates to
-
NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.
- To Do