Bitrix24 Community

Support » Forum » Projects and collaboration » User access limitations bug
Pages: 1
RSS
User access limitations bug
Hi,

I created a new user in our Bitrix account.  He is supposed to have access to just one workgroup and just to his assigned tickets in his  workgroup.

The workgroup is setup as non visible.  The tasks are setup to be accessible by authorized users only.

When this user logs in, he can only see 1 workgroup (where he was invited to)

However!

When this user clicks on some other user's name (under company structure)  and then clicks on "Tasks" and then "All", he can access all tasks (closed and open) of that user in all other workgroups, even if he is not added to  those workgroups and even if he is not authorized to view those tasks (they are set to "authorized users only")

Also through search that user can access wiki pages from other workgroups even when they are set to "authorized users only"

This is a huge security and privacy risk!!!!

Please advise asap how to fix this.

Max  
Hi Max!

Please make sure that user does not have administartive access to your intranet (see his profile page), also in the company structure please check if this user is not set as other users subordinate.

Please also advise if this is an intranet or extranet user?

Best,

Yana.
Pages: 1
2,000,000+
organizations
are already using Bitrix24