Skip to content

[RBAC - Dashboard] Need "Manage credentials" capability for "Activity & History" perspective #8899

New issue
New issue
Closed
#8948
Closed
[RBAC - Dashboard] Need "Manage credentials" capability for "Activity & History" perspective#8899
#8948

Description

@Lhorus6

Lhorus6
openedon Nov 4, 2024

Description

In the dashboards, user activity data (i.e. "Activity & History" perspective) is linked to the “Manage credentials” capability. This is irrelevant, as the data displayed is linked to user activity. So it's the “Access security activity” capability that should define whether or not we're allowed to see it.

Environment

OCTI 6.3.9

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a user with this capabilities (and all marking allowed)

image

  1. Log in with this new user

  2. Create Custom Dashboard

  3. Create Widget → List (Distribution) → Activity and History (no filter, all default parameter)
    -> "You are not authorized to see this data"

  4. With an admin user, add the capability “Manage credentials” to the newly created user

  5. With the newly created user, refresh the dashboard page
    -> Now you have data in your widget

Expected Output

I hope to see the data if I have the “Access security activity” capability (and not based on “Manage credentials”)

Actual Output

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

buguse for describing something not working as expecteddashboardsLinked to dashboards and widgetsrbacLinked to RBAC and ACL systemssolveduse to identify issue that has been solved (must be linked to the solving PR)

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions