You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A user with only one role with the following permissions ...
Can specify the note author as admin or as organization:
The button to update a note that does not belong to the logged user is available and the edit panel shows up however it raises an error when we try to update it.
It is possible too for a user to create a new Opinion and specifying as author, for example, as the Admin and save it. Then, update the opinion to add a relation to another entity like a report.
I guess this is possible because Author is linked to Identifies which is not the same as OpenCTI users, however, should it be possible to users to change author of any entity? Or even if yes, should it be possible to create notes and opinions using another user name?
PS: I understand, it seems easy in first sight to solve the problem but conceptually is difficult due the mix between platform users/roles/permissions and stix author field as an Indentity.
Environment
OpenCTI version: 5.2.4
The text was updated successfully, but these errors were encountered:
SYNchroACK
changed the title
Create/Update notes specifying author with a different user
Create/Update notes and opinions specifying author with a different user
May 25, 2022
@richard-julien yes, I agree with @SYNchroACK, we have to find a way to enforce more permissions on the "notes" usage, and have a new role to override the author (at creation or modification).
Description
A user with only one role with the following permissions ...
Can specify the note author as admin or as organization:
The button to update a note that does not belong to the logged user is available and the edit panel shows up however it raises an error when we try to update it.
It is possible too for a user to create a new Opinion and specifying as author, for example, as the Admin and save it. Then, update the opinion to add a relation to another entity like a report.
I guess this is possible because Author is linked to Identifies which is not the same as OpenCTI users, however, should it be possible to users to change author of any entity? Or even if yes, should it be possible to create notes and opinions using another user name?
PS: I understand, it seems easy in first sight to solve the problem but conceptually is difficult due the mix between platform users/roles/permissions and stix author field as an Indentity.
Environment
OpenCTI version: 5.2.4
The text was updated successfully, but these errors were encountered: