WORKTERRAProject Type: software

WORKTERRA

Uploaded image for project: 'WORKTERRA'
  1. WORKTERRA
  2. WT-9842

[Security]-[Authorization Failure] Employee & Company Admin can access the 'Dashboard Configuration' page over the URL.

    Details

    • Type: Bug
    • Status: In Development
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Platform
    • Labels:
      None
    • Environment:
      Production, Stage, QA
    • Bug Type:
      Functional
    • Bug Severity:
      Medium
    • Level:
      Admin, Employee
    • Module:
      Platform - Security
    • Reported by:
      Harbinger
    • Company:
      All Clients/Multiple Clients
    • Item State:
      Development - On Hold
    • Issue Importance:
      Q2
    • Browser:
      Google Chrome
    • Sprint:
      WT Sprint 33-Bugs

      Description

      [Security]-[Authorization Failure] Employee & Company Admin can access the 'Dashboard Configuration' page over the URL.

      Replication Steps:
      1. Login as Partner in workterra
      2. Go to Company Dashboard page.
      3. Copy the URL.
      4. Login as Employee or Company Admin in other browser
      5. Paste the URL for Employee or Company Admin to access.

      Actual result:
      Employee & Company Admin can access the Dashboard Configuration Settings page and can update the Employee level settings

      Expected Result:
      If the access is allowed then, "Dashboard Configuration" should be listed in Menu Items for Company Admin and Employee
      It the access not allowed then "Unauthorized Access" page should be displayed.

      Issue tested on Azure and Stage.

      CC : Rakesh RoySamir

        Attachments

          Issue Links

          relates to

          Task - A task that needs to be done. NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

          • Medium - Has the potential to affect progress.
          • To Do

            Activity

            Ascending order - Click to sort in descending order
            prasadp Prasad Pise (Inactive) created issue -
            prasadp Prasad Pise (Inactive) made changes -
            Field Original Value New Value
            Link This issue relates to NF-2714 [ NF-2714 ]
            satyap Satya made changes -
            Assignee Satya [ ID10004 ] Jaideep Vinchurkar [ jaideep.vinchurkar ]
            satyap Satya made changes -
            Module Parent values: Platform(10106) Parent values: Platform(10106)Level 1 values: Security(10115)
            jaideep.vinchurkar Jaideep Vinchurkar (Inactive) made changes -
            Assignee Jaideep Vinchurkar [ jaideep.vinchurkar ] Aditya Vishwakarma [ aditya.vishwakarma ]
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Status Open [ 1 ] In Development [ 10007 ]
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: In Analysis(10204)
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Remaining Estimate 0h [ 0 ]
            Time Spent 3.5h [ 12600 ]
            Worklog Id 60584 [ 60584 ]
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Comment [ This is due to design.
            This will be restructured in UI Refresh.
            ]
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Resolution System Behaviour [ 10100 ]
            Status In Development [ 10007 ] Rejected [ 10004 ]
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Assignee Aditya Vishwakarma [ aditya.vishwakarma ] Prasad Pise [ prasadp ]
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: In Analysis(10204)
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Time Spent 3.5h [ 12600 ] 6h [ 21600 ]
            Worklog Id 60792 [ 60792 ]
            jaideep.vinchurkar Jaideep Vinchurkar (Inactive) made changes -
            Assignee Prasad Pise [ prasadp ] Aditya Vishwakarma [ aditya.vishwakarma ]
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Resolution System Behaviour [ 10100 ] Unresolved [ 10200 ]
            Status Rejected [ 10004 ] Reopened [ 4 ]
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: On Hold(10207)
            Original Estimate 0h [ 0 ]
            gaurav.sodani Gaurav Sodani (Inactive) made changes -
            Sprint WT Sprint 33-Bugs [ 77 ]
            jaideep.vinchurkar Jaideep Vinchurkar (Inactive) made changes -
            Dev Due Date 26/Jul/2017
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Time Spent 6h [ 21600 ] 7h [ 25200 ]
            Worklog Id 60584 [ 60584 ]
            aditya.vishwakarma Aditya Vishwakarma (Inactive) made changes -
            Time Spent 7h [ 25200 ] 8h [ 28800 ]
            Worklog Id 60792 [ 60792 ]
            jaideep.vinchurkar Jaideep Vinchurkar (Inactive) made changes -
            Status Reopened [ 4 ] In Development [ 10007 ]
            jaideep.vinchurkar Jaideep Vinchurkar (Inactive) made changes -
            Priority High [ 2 ] Medium [ 3 ]
            rakeshr Rakesh Roy (Inactive) made changes -
            Bug Severity Medium [ 16702 ]
            jaideep.vinchurkar Jaideep Vinchurkar (Inactive) made changes -
            Assignee Aditya Vishwakarma [ aditya.vishwakarma ] Akash Thakur [ akash.thakur ]
            jaideep.vinchurkar Jaideep Vinchurkar (Inactive) made changes -
            Assignee Akash Thakur [ akash.thakur ] Rajiv Rajan [ rajiv.rajan ]
            rajiv.rajan Rajiv Rajan (Inactive) made changes -
            Time Spent 8h [ 28800 ] 16h [ 57600 ]
            Worklog Id 86825 [ 86825 ]
            rajiv.rajan Rajiv Rajan (Inactive) made changes -
            Time Spent 16h [ 57600 ] 24h [ 86400 ]
            Worklog Id 86950 [ 86950 ]
            rajiv.rajan Rajiv Rajan (Inactive) made changes -
            Time Spent 24h [ 86400 ] 31h [ 111600 ]
            Worklog Id 87843 [ 87843 ]
            rajiv.rajan Rajiv Rajan (Inactive) made changes -
            Time Spent 31h [ 111600 ] 39h [ 140400 ]
            Worklog Id 88404 [ 88404 ]
            rajiv.rajan Rajiv Rajan (Inactive) made changes -
            Time Spent 39h [ 140400 ] 47h [ 169200 ]
            Worklog Id 88405 [ 88405 ]
            gaurav.sodani Gaurav Sodani (Inactive) made changes -
            Company All Clients/Multiple Clients [ 18434 ]
            Environment Production,Stage,LB [ 18442, 18443, 18444 ]
            prasadp Prasad Pise (Inactive) made changes -
            Assignee Rajiv Rajan [ rajiv.rajan ] Vijayendra Shinde [ ID10506 ]
            prasadp Prasad Pise (Inactive) made changes -
            Time Spent 47h [ 169200 ] 49h [ 176400 ]
            Worklog Id 107012 [ 107012 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Link This issue relates to DEV-13718 [ DEV-13718 ]

              People

              Assignee:
              vijayendra Vijayendra Shinde (Inactive)
              Reporter:
              prasadp Prasad Pise (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Dev Due Date:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0h
                  0h
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 49h
                  49h