iris-web icon indicating copy to clipboard operation
iris-web copied to clipboard

Published 20 hours ago verified publisher icon dfir-iris

[BUG] [Critical] Access Tab For Cases should only be accessible to administrator user. Administrator can be locked out

Open cyb3rmeerk4t opened this issue 8 months ago • 1 comments

Describe the bug The Access Tab when viewing a case for a standard user (non-admin user) can cause anyone, including administrator users to not be able to access the case. image

To Reproduce Steps to reproduce the behavior:

  1. Go to Manager Case > Select a Case
  2. Click on Access tab
  3. Other users can be denied and totally locked out to the case. image

TestCase002 not accessible to administrator anymore: image

And no way to see and get access to the said case. This works with other users as well. Only the user that set "denyall" access can revert the setting to full access.

Expected behavior A clear and concise description of what you expected to happen.

Screenshots image //getting random error "I can't let you do that Dave" image set deny all access to another analyst image //set read only access to analyst 2 image //permission denied to getting access

Additional context Please remove Access tab to cases. Access tab can be access via the following ways: 1st Way:

  1. Go to Case > Select open
  2. Then Access Tab

2nd Way

  1. Go to Manage Cases > Select a case
  2. <Pop up> then Access tab

cyb3rmeerk4t avatar Jun 23 '24 18:06 cyb3rmeerk4t