Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search.
it seems to be possible for a normal user "USR1" (non admin and not on special groups) to see other user objects through a service.
I have no rules on the "users collection" permissions that would allow USR1 to "see" other users
In fact, If USR1 logs into the composer, he can see just itself on the users list
But if with a service he calls Users["USR2"].fullName, this entity is visible and returns the fullName prop !
This shouldn't be possible.
What I'm missing ?
I use TWX 8.5
Go to Solution.
I found the problem, it was the "System" user that was inside the Administrators group.
This is a very bad things do to ... and now I know why ...
View solution in original post