User Access Management #1099

Closed
s3ns0r1um opened this issue Feb 18, 2021 · 3 comments
Labels
  - bug: use for describing something not working as expected
  - question: further information is requested
  - solved: use to identify an issue that has been solved (must be linked to the solving PR)
Milestone

Comments

@s3ns0r1um

Description

The following behaviour does NOT occur for users who either have an Admin role or have the "Bypass all capabilities" box checked in their respective role settings:

  1. The dash box "Top 10 active entities (3 last months)" shows restricted elements where it should show Attack Patterns. Mouse hover says: (Malware restricted) for all restricted elements (see screenshot).

  2. The Attack Patterns page under Arsenal gets stuck in a loading loop but returns HTTP status 200 (see screenshot).

  3. User has no access to the connectors (with or without permission to manage the connector state) despite the corresponding boxes being active in the role settings.

All of the above also applies with all boxes checked in a user's role settings (except for "Bypass all capabilities"). I put this in the same post as these observations might be related.

Thank you in advance for having a look at this!

Environment

  1. OS (where OpenCTI server runs): Ubuntu Server 20.04.2 LTS Server on ESXi
  2. OpenCTI version: 4.2.3
  3. OpenCTI client: frontend

Reproducible Steps

Steps to create the smallest reproducible scenario:
see Description

Expected Output

  1. Dash box shows all elements of the same type (in our case they're all Attack Patterns)
  2. Attack Patterns page under Arsenal is displayed correctly

Actual Output

see Description

Additional information

Screenshots attached: attack_patterns, dash

@richard-julien richard-julien added the question Further information is requested label Feb 18, 2021
@richard-julien
Member

Hi @s3ns0r1um ,

The dash box "Top 10 active entities (3 last months)" shows restricted elements where it should show Attack Patterns. Mouse hover says: (Malware restricted) for all restricted elements (see screenshot).
This is related to data segregation feature. The user doesn't have access to the marking linked to some entities in this top10. You need to give markings access through the user group.

The Attack Patterns page under Arsenal gets stuck in a loading loop but returns HTTP status 200 (see screenshot).
Should also be related to data segregation. But of course this should not be blocked in a loading loop. Definitely a bug.

User has no access to the connectors (with or without permission to manage the connector state) despite the corresponding boxes being active in the role settings.
Looks like a little bug in the UI. Thanks for the report
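The marking-based data segregation described in the comment above, as an added illustration written for this page (it is not OpenCTI's code and does not use its API): entities carry marking definitions, users obtain marking access through their groups, and an entity whose markings the user does not hold comes back as a restricted stub exposing only its type (the "(Malware restricted)" hover text) rather than being dropped. The "user must hold every marking on the entity" rule and the bypass shortcut are assumptions for the sake of the example, as are all names and sample data.

```python
"""Marking-based data segregation, as an added illustration.

Example code written for this page, not OpenCTI's own implementation. The
rule "a user must hold every marking attached to an entity", the bypass
shortcut and all identifiers below are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    allowed_markings: set[str] = field(default_factory=set)  # marking ids granted to members


@dataclass
class User:
    name: str
    groups: list[Group] = field(default_factory=list)
    bypass: bool = False  # the "Bypass all capabilities" box in the role

    def accessible_markings(self) -> set[str]:
        """Union of the markings granted by every group the user belongs to."""
        return set().union(*(g.allowed_markings for g in self.groups))


@dataclass
class Entity:
    id: str
    entity_type: str
    name: str
    markings: set[str] = field(default_factory=set)  # marking definition ids on the object


def can_access(user: User, entity: Entity) -> bool:
    """Assumed rule: bypass users see everything; everyone else must hold
    every marking attached to the entity (an unmarked entity is visible to all)."""
    if user.bypass:
        return True
    return entity.markings <= user.accessible_markings()


def project(user: User, entity: Entity) -> dict:
    """Return the entity for the caller, or a stub that only exposes its type."""
    if can_access(user, entity):
        return {"id": entity.id, "entity_type": entity.entity_type,
                "name": entity.name, "restricted": False}
    return {"id": entity.id, "entity_type": entity.entity_type,
            "name": f"{entity.entity_type} restricted", "restricted": True}


def top_active(user: User, entities: list[Entity]) -> list[dict]:
    """What a dashboard widget would hand to the UI: every row is either a
    full entity or a restricted stub, so the client must be able to render both."""
    return [project(user, e) for e in entities]


# Constructed sample data (not taken from any real instance).
TLP_WHITE, TLP_AMBER = "marking-tlp-white", "marking-tlp-amber"
ENTITIES = [
    Entity("ap-1", "Attack-Pattern", "Spearphishing Attachment", {TLP_WHITE}),
    Entity("ap-2", "Attack-Pattern", "Valid Accounts", {TLP_AMBER}),
    Entity("mw-1", "Malware", "SomeLoader", {TLP_WHITE, TLP_AMBER}),
    Entity("ap-3", "Attack-Pattern", "Unmarked technique"),
]
ANALYSTS = Group("analysts", {TLP_WHITE})
TRUSTED = Group("trusted", {TLP_WHITE, TLP_AMBER})
ALICE = User("alice", [ANALYSTS])        # holds TLP:WHITE only
BOB = User("bob", [ANALYSTS, TRUSTED])   # holds both markings via the second group
ROOT = User("root", bypass=True)         # no groups at all, but bypass


def restricted_ids(user: User) -> list[str]:
    """Ids of the rows a given user would see as restricted stubs."""
    return [row["id"] for row in top_active(user, ENTITIES) if row["restricted"]]


if __name__ == "__main__":
    for u in (ALICE, BOB, ROOT):
        print(u.name, restricted_ids(u))
```

The fix on the reporter's side corresponds to moving the user into a group like `TRUSTED`: the widget output then contains no stubs. Whatever consumes `top_active` has to handle the `restricted` rows explicitly, which is the gap the Attack Patterns loading loop in the report points at.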

@richard-julien richard-julien added the bug use for describing something not working as expected label Feb 18, 2021
@SamuelHassine
Member

Hello @s3ns0r1um,

For the Attack Patterns UI bug, can you please check in the OpenCTI log if you have something?

Thanks.

Kind regards,
Samuel

@richard-julien
Member

Hi @s3ns0r1um ,

After some more analysis it seems you have a bug inside the markings management when a user has the bypass role. Thanks again for your report.

@SamuelHassine SamuelHassine added this to the Release 4.2.4 milestone Feb 24, 2021
@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Feb 24, 2021
Development

No branches or pull requests

3 participants