You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
s3ns0r1um opened this issue
Feb 18, 2021
· 3 comments
Labels
buguse for describing something not working as expectedquestionFurther information is requestedsolveduse to identify issue that has been solved (must be linked to the solving PR)
The following behaviour does NOT occur for users who either have an Admin role or have the "Bypass all capabilities" box checked in their respective role settings:
The dash box "Top 10 active entities (3 last months)" shows restricted elements where it should show Attack Patterns. Mouse hover says: (Malware restricted) for all restricted elements (see screenshot).
The Attack Patterns page under Arsenal gets stuck in a loading loop but returns HTTP status 200 (see screenshot).
User has no access to the connectors (with or without permission to manage the connector state) despite the corresponding boxes being active in the role settings.
All of the above also applies with all boxes checked in a user's role settings (except for "Bypass all capabilities"). I put this in the same post as these observations might be related.
Thank you in advance for having a look at this!
Environment
OS (where OpenCTI server runs): Ubuntu Server 20.04.2 LTS Server on ESXi
OpenCTI version: 4.2.3
OpenCTI client: frontend
Reproducible Steps
Steps to create the smallest reproducible scenario:
see Description
Expected Output
Dash box shows all elements of the same type (in our case they're all Attack Patterns)
Attack Patterns page under Arsenal is displayed correctly
Actual Output
see Description
Additional information
The text was updated successfully, but these errors were encountered:
The dash box "Top 10 active entities (3 last months)" shows restricted elements where it should show Attack Patterns. Mouse hover says: (Malware restricted) for all restricted elements (see screenshot).
This is related to data segregation feature. The user doesn't have access to the marking linked to some entities in this top10. You need to give markings access through the user group.
The Attack Patterns page under Arsenal gets stuck in a loading loop but returns HTTP status 200 (see screenshot).
Should also be related to data segregation. But of course this should not blocked in loading loop. Definitely a bug.
User has no access to the connectors (with or without permission to manage the connector state) despite the corresponding boxes being active in the role settings.
Looks like a little bug in the UI. Thanks for the report
buguse for describing something not working as expectedquestionFurther information is requestedsolveduse to identify issue that has been solved (must be linked to the solving PR)
Description
The following behaviour does NOT occur for users who either have an Admin role or have the "Bypass all capabilities" box checked in their respective role settings:
The dash box "Top 10 active entities (3 last months)" shows restricted elements where it should show Attack Patterns. Mouse hover says: (Malware restricted) for all restricted elements (see screenshot).
The Attack Patterns page under Arsenal gets stuck in a loading loop but returns HTTP status 200 (see screenshot).
User has no access to the connectors (with or without permission to manage the connector state) despite the corresponding boxes being active in the role settings.
All of the above also applies with all boxes checked in a user's role settings (except for "Bypass all capabilities"). I put this in the same post as these observations might be related.
Thank you in advance for having a look at this!
Environment
Reproducible Steps
Steps to create the smallest reproducible scenario:
see Description
Expected Output
Actual Output
see Description
Additional information
The text was updated successfully, but these errors were encountered: