Permissions applicable to the new Risks Experience?
Regarding the new Risks Experience that has been published, I have concerns that the permissions are not applied, and users are able to see the Risk Owners, Risk Descriptions, etc. for risks to which they do not otherwise have permissions to view, some of which may be confidential. In the Data Experience, the risk objects and the risk IDs are visible, but permissions restrict the view of the Risk Short Title in our workspace - they can only see the Risk Short Titles for the risks to which they have permissions. We would expect similar permissions controls to be applied in the Risks Experience.
-
Hi Jeremy,
Welcome to the Community and thank you for your question about this new experience! In the Risks experience, we only enable access to these lists for
Data Admin
andManager
, andWorkspace Support User.
The list view itself will return all the data it can find, regardless of that user's permissions. However, users will only see links (and thus show more info when hovering over) for items that they have permission to access.If I missed anything or you have further questions, please let us know!
0Accedi per aggiungere un commento.
Commenti
1 commento