Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict Who Can See List of People in Prod #171

Open
nelsonic opened this issue Dec 30, 2021 · 0 comments
Open

Restrict Who Can See List of People in Prod #171

nelsonic opened this issue Dec 30, 2021 · 0 comments
Labels
chore a tedious but necessary task often paying technical debt discuss Share your constructive thoughts on how to make progress with this issue enhancement New feature or enhancement of existing functionality priority-2 Second highest priority, should be worked on as soon as the Priority-1 issues are finished T2h Time Estimate 2 Hours technical A technical issue that requires understanding of the code, infrastructure or dependencies

Comments

@nelsonic
Copy link
Member

At present, a non-admin person can see the complete list of people who have authenticated with auth on our test version: https://dwylauth.herokuapp.com/people

image

This is a useful feature during development because we can immediately see who has logged in & when. but ...
It's obviously undesirable as it's "leaking" Personally Identifiable Information (PII)
Even though this is a Test System, we still don't want to let anyone see who has authenticated.
So I propose we restrict the data visible in this view to only the admin of the App and superadmin.
@nelsonic nelsonic added enhancement New feature or enhancement of existing functionality priority-2 Second highest priority, should be worked on as soon as the Priority-1 issues are finished chore a tedious but necessary task often paying technical debt discuss Share your constructive thoughts on how to make progress with this issue technical A technical issue that requires understanding of the code, infrastructure or dependencies T2h Time Estimate 2 Hours labels Dec 30, 2021
@nelsonic nelsonic mentioned this issue Dec 30, 2021
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
chore a tedious but necessary task often paying technical debt discuss Share your constructive thoughts on how to make progress with this issue enhancement New feature or enhancement of existing functionality priority-2 Second highest priority, should be worked on as soon as the Priority-1 issues are finished T2h Time Estimate 2 Hours technical A technical issue that requires understanding of the code, infrastructure or dependencies
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nelsonic