User role access to application file system
in Essbase
Hi, let me bring to your attention that users with User role are still able to access application files system and then download sensitive files such as data exports.
We discovered this issue last year following an Essbase migration toward Essbase 21, as our customer use native security and users had to access the console in order to reset their password.
A enhancement was raised but recently rejected (35782314 - MP: ESSBASE 21.4 RESTRAIN USER ACCESS TO APPLICATION FILES) as you should consider this behavior implemented by design.
In my own personal point of view this is a flaw by design which impacts both Essbase on independent deployment and marketplace.
Tagged:
0