cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Need to share some code when posting a question or reply? Make sure to use the "Insert code sample" menu option. Learn more! X

Translate the entire conversation x

Users collection visibility

Go to solution
iguerra
15-Moonstone
15-Moonstone
‎May 06, 2020 10:51 AM
‎May 06, 2020 10:51 AM

Users collection visibility

it seems to be possible for a normal user "USR1" (non admin and not on special groups) to see other user objects through a service.

I have no rules on the "users collection" permissions that would allow USR1 to "see" other users

In fact, If USR1 logs into the composer, he can see just itself on the users list

 

But if with a service he calls Users["USR2"].fullName, this entity is visible and returns the fullName prop !

This shouldn't be possible.

What I'm missing ?

 

I use TWX 8.5

 

 

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
iguerra
15-Moonstone
15-Moonstone
(To:iguerra)
‎May 06, 2020 11:37 AM
‎May 06, 2020 11:37 AM

Sorry ....

I found the problem, it was the "System" user that was inside the Administrators group.

This is a very bad things do to ... and now I know why ...

View solution in original post

0 Kudos
Notify Moderator
1 REPLY 1
iguerra
15-Moonstone
15-Moonstone
(To:iguerra)
‎May 06, 2020 11:37 AM
‎May 06, 2020 11:37 AM

Sorry ....

I found the problem, it was the "System" user that was inside the Administrators group.

This is a very bad things do to ... and now I know why ...

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags