Package Vulnerability Scanner (v2.0.2): Administrators cannot view all content on Posit Connect #321
Description
Problem
Administrators are expected to have visibility into all content published on a Posit Connect server. However, in the current implementation of the Package Vulnerability Scanner (v2.0.2), administrators can only see content that they personally created.
Expected behavior
Users with administrator privileges should be able to view and scan all content published on the Posit Connect server, regardless of the content owner.
Actual behavior
The scanner only lists content created by the currently logged-in administrator, excluding content published by other users.
Impact
This limitation prevents administrators from:
- Performing comprehensive vulnerability scans
- Ensuring organization-wide compliance and security oversight
- Identifying vulnerable packages in content owned by other users
Proposed improvement
Introduce an option (or default behavior) that allows administrators to see and scan all published content on the Posit Connect server.
Environment
- Package Vulnerability Scanner version: v2.0.2
- Platform: Posit Connect
- User role: Administrator