Request Type
Bug
Work Environment
Problem Description
The current API documentation says:
"This call returns the user details. It's available to users with superAdmin or orgAdmin roles. Every user can also use it to read their own details." [1]
[1] https://github.com/TheHive-Project/CortexDocs/blob/master/api/api-guide.md#get-details
However, it is possible for users with only Read or Read/Analyze roles to get details of other users within the same organization.
Steps to Reproduce
Pre-conditions:
Step 1:
Step 2:
The last command shows that the "test" user is able to get details of the "test3" user even though he has only the "read" role, contrary to what the documentation says. The same bug is in The Hive as well. Even though The Hive documentation doesn't explicitly mention it, it's probably a good idea to make it consistent with Cortex API behaviour.
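The documented rule quoted in the report (superAdmin, orgAdmin, or a user reading their own details) can be written as an explicit access check and used to audit observed API outcomes. The following is an added example, not code from the issue or from Cortex; the lowercase role strings, the "demo" organization, the "test2" user, the roles given to "test3", and the restriction of an orgAdmin to their own organization are assumptions made for illustration.

```python
from dataclasses import dataclass

# Role names taken from the report and lowercased; the exact spelling used by
# the API is an assumption.
SUPERADMIN, ORGADMIN, ANALYZE, READ = "superadmin", "orgadmin", "analyze", "read"


@dataclass(frozen=True)
class User:
    login: str
    organization: str
    roles: frozenset


def can_read_user(caller: User, target: User) -> bool:
    """Documented policy: superAdmin, orgAdmin, or a user reading their own details."""
    if caller.login == target.login:
        return True
    if SUPERADMIN in caller.roles:
        return True
    # Assumption: an orgAdmin may only read users of their own organization.
    return ORGADMIN in caller.roles and caller.organization == target.organization


def audit(users, observed):
    """Return (caller, target) pairs where the API returned details but policy denies.

    observed maps (caller_login, target_login) -> True if details were returned.
    """
    by_login = {u.login: u for u in users}
    return [
        (caller, target)
        for (caller, target), returned in sorted(observed.items())
        if returned and not can_read_user(by_login[caller], by_login[target])
    ]


# Constructed sample data: "test" and "test3" are named in the report, the rest is made up.
USERS = [
    User("test", "demo", frozenset({READ})),
    User("test2", "demo", frozenset({READ, ANALYZE})),
    User("test3", "demo", frozenset({READ, ANALYZE, ORGADMIN})),
]
OBSERVED = {
    ("test", "test"): True,     # own details: allowed by the documentation
    ("test", "test3"): True,    # the behaviour described in the report
    ("test2", "test3"): True,   # Read/Analyze caller, same organization
    ("test3", "test"): True,    # orgAdmin reading a user in the same organization
}

if __name__ == "__main__":
    for caller, target in audit(USERS, OBSERVED):
        print(f"over-permissive: {caller} could read details of {target}")
```

Run against a real deployment, the `OBSERVED` map would be filled from actual responses of the user-details call for each caller and target pair; any pair the audit returns is a regression against the documented behaviour.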