Describe the bug
If you set up SSO Group Syncing and a user creates a PAT, if the user's group permissions change from the SSO provider side the PAT continues to have the old permissions until the user logs in again when group permissions are synced again.
This is a security concern because if a user loses permissions they can continue to access things through their PAT.
Steps to reproduce the bug
1. Have SSO Group syncing set up in your instance
2. Create a user with some permissions based on groups
3. Have the user create a PAT and log out
4. Update group permissions from the SSO provider
5. Have the user continue using the PAT to access projects/things they shouldn't have now that the groups have been updated in the AD group (can also see the user staying in the group in Unleash until they log in again)
Expected behavior
User permissions are updated in some way so PATs don't continue to have permission they shouldn't have. Not sure exactly how this would work/can be solved, might be a periodic check on user groups or something like that.
Logs, error output, etc.
No response
Screenshots
No response
Additional context
No response
Unleash version
No response
Subscription type
Enterprise
Hosting type
None
SDK information (language and version)
No response
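
The stale-permission window described in this report, and the periodic group check suggested under "Expected behavior", modelled in JavaScript. This is an added example, not Unleash code and not part of the original report; the state layout, function names, user, groups, permissions and token are all assumptions constructed for illustration.

```javascript
// Added illustration, not Unleash code: every name and value here is hypothetical/constructed.
function createState() {
  return {
    // What the identity provider reports now (source of truth).
    idpGroups: new Map([['alice', ['viewers']]]),
    // What the application stored at alice's last login (stale: still lists admins).
    localGroups: new Map([['alice', new Set(['viewers', 'admins'])]]),
    groupPermissions: new Map([
      ['viewers', new Set(['project:read'])],
      ['admins', new Set(['project:read', 'project:write'])],
    ]),
    pats: new Map([['pat-constructed-1', { userId: 'alice' }]]),
  };
}

// A PAT request is authorized from locally stored membership only; the IdP is not consulted.
function patCan(state, token, permission) {
  const pat = state.pats.get(token);
  if (!pat) return false;
  const groups = state.localGroups.get(pat.userId) ?? new Set();
  return [...groups].some((g) => state.groupPermissions.get(g)?.has(permission) === true);
}

// Periodic job: re-fetch groups for every PAT owner without a login. Failed lookups are
// returned so the caller can alert; cached groups are left untouched for those users.
function reconcilePatOwners(state, fetchGroups) {
  const result = { changed: [], failed: [] };
  const owners = new Set([...state.pats.values()].map((p) => p.userId));
  for (const userId of owners) {
    let fresh;
    try {
      fresh = new Set(fetchGroups(userId));
    } catch {
      result.failed.push(userId);
      continue;
    }
    const old = state.localGroups.get(userId) ?? new Set();
    const same = old.size === fresh.size && [...old].every((g) => fresh.has(g));
    if (!same) {
      state.localGroups.set(userId, fresh);
      result.changed.push(userId);
    }
  }
  return result;
}

const demo = createState();
console.log('write before sync:', patCan(demo, 'pat-constructed-1', 'project:write'));
console.log(reconcilePatOwners(demo, (u) => demo.idpGroups.get(u) ?? []));
console.log('write after sync:', patCan(demo, 'pat-constructed-1', 'project:write'));
```

In this model the exposure window is bounded by the reconciliation interval, and any user in `failed` still holds their previously cached groups until the next successful run.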
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.