JIMI Core System - Inherited ACL from Trigger #55

b1scuit-thi3f · 2020-11-24T14:46:11Z

Is your feature request related to a problem? Please describe.
Flow should inherit ACL from the initial trigger. This would stop users who can create flows from escalating their privilege to the JIMI users (as JIMI runs everything in core as himself)

z1pti3 · 2020-11-28T12:35:11Z

Will look into this, but think that the ACL on objects is used to ensure this is the case as child objects will have inherited ACL from the object that created them.

z1pti3 · 2021-01-03T19:03:52Z

Agreed that this should be added in version 3.0 to enable sandboxing of jimiFlows to prevent core escalation / breakout from user defined ACL.

Currently ACL is only enforced for web and core runs with access to all objects, this feature could enable core to run with limited ACL as per the ACL of the trigger object.

b1scuit-thi3f added enhancement New feature or request Security labels Nov 24, 2020

z1pti3 added this to the v3.0 milestone Jan 3, 2021

z1pti3 modified the milestones: v3.0, v4.0 Jul 26, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

JIMI Core System - Inherited ACL from Trigger #55

JIMI Core System - Inherited ACL from Trigger #55

b1scuit-thi3f commented Nov 24, 2020

z1pti3 commented Nov 28, 2020

z1pti3 commented Jan 3, 2021

JIMI Core System - Inherited ACL from Trigger #55

JIMI Core System - Inherited ACL from Trigger #55

Comments

b1scuit-thi3f commented Nov 24, 2020

z1pti3 commented Nov 28, 2020

z1pti3 commented Jan 3, 2021