Bitrix24 Community

Support » Forum » Manuel Romero
Select date in calendarSelect date in calendar

Pages: 1
Tasks Permission problem
Hi Yana,

Note that the person who was able to delete the tasks I mentioned, was neither Group Owner nor a Moderator, he was in some tasks a participant, and observer in others.

The configuration set for my workgroups are the default: "Permission to delete all tasks: Group Owner and Moderators"

So, the issue is not resolved yet.
Tasks Permission problem
Hello,

I was recently looking for some tasks in my bitrix account, and to my surprise I did not find them.

I started reviewing the notification history, and I noticed that one of the employees had erased the tasks.

I asked him why he had done this, and he told me he thought that deleting them it will only get the task removed from his account, not for the entire workgroup.

When the task was deleted, the entire Task Timeline, which included many attachments and important information, was deleted.

Because of this, I created 3 TEST TASKs, One task putting him as "Responsible", other putting him as "Participant", and other one putting him as "Observer". In all three he was able to delete the entire task, and he was not Owner neither Moderator of the workgroup in wh ere the task was.

So I realized that this is an important security bug,

Some disgruntled employee, would have the ability to delete all the tasks in which he participated (even as observer). Imagine if someone delete 3 years of valuable information, and you don´t have an UN-DO or recycle bin feature.

What can you do about it?
Edited: Manuel Romero - 01/23/2017 05:40:14
Pages: 1
2,000,000+
organizations
are already using Bitrix24