Stream ruels security question


(Tobias) #1

Hello,
i habe a question or more something to think about.
We are creating diffrent permission sets and Roles.

The Problem we have is, that we are collection security information in one stream and other are not allowed to see this one or getting any possibilities to get such kind of informations.

So i have a role, which can not see this stream and give them a own one with edit permission.
Now they can change theire rule and add a a field, wich is collection the security information too.
Shure, i could take the edit permission away, but then they can’t define their alerts etc.

Is there a other way to handle that, that such kind of information like for security audits are save?
Or is it a security issue?

Regards

PS: Hope i explained it comprehensible :slight_smile:


(Jan Doberstein) #2

hej @Wicht

as editing the stream contains the ability to define the rules it is not possible to hide some kind of messages.

If you need to protect Information from other users, don’t give them the ability to move their looking glass into the stream. Should you really have that sensitiv information, create a separate environment for that.

with kind regards
Jan


(Tobias) #3

Thanks @jan

Shure i will no one give the ability to move their looking glass into such kind of message.
Will be there in the future a possibility to configure such a permission?
For example, that someone can handle the alerts, without having permissions to change the stream rule?
In the moment it is only possible to create notifications etc when you have the stream edit permission, which allows to chage rules.

In my opinion it would be great, to have such possibilities.

Regards


(Jan Doberstein) #4

Hej @Wicht

why not open a feature request that gives all needed information?


(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.