Skip to main content
16-Pearl
May 6, 2020
Solved

Users collection visibility

  • May 6, 2020
  • 1 reply
  • 818 views

it seems to be possible for a normal user "USR1" (non admin and not on special groups) to see other user objects through a service.

I have no rules on the "users collection" permissions that would allow USR1 to "see" other users

In fact, If USR1 logs into the composer, he can see just itself on the users list

 

But if with a service he calls Users["USR2"].fullName, this entity is visible and returns the fullName prop !

This shouldn't be possible.

What I'm missing ?

 

I use TWX 8.5

 

 

Best answer by iguerra

Sorry ....

I found the problem, it was the "System" user that was inside the Administrators group.

This is a very bad things do to ... and now I know why ...

1 reply

iguerra16-PearlAuthorAnswer
16-Pearl
May 6, 2020

Sorry ....

I found the problem, it was the "System" user that was inside the Administrators group.

This is a very bad things do to ... and now I know why ...