URL inserted into browser window allows access to report without security
Summary:
Users able to run reports using direct URL access
Content (required):
We have identified an issue where our users can enter a report specific URL into a browser and the report will produce results without security being invoked. These users do not have access to run reports through the application, but inserting a URL in a browser window will allow the results to appear. I did try a couple different browsers. Chrome made me sign into the application but then returned information beyond the users' security profile. MS Edge did not ask me to sign in, it just returned the completed report. I've logged an SR.
0