Is this a bug?
2018-11-24 15:36:30
Fei Teng
  • Visit: 1918
  • Join Date: 2016-08-02
  • Last Login: 2021-11-08
  • My Point: 0
  • PartyLevel: No Party
I noticed a bit of security issue in the process.

White list and privileges are meant to secure access to projects. We have multiple projects, but not all members nor PM's should be able to gain information on other projects unless having that privilege.

However you will find, that on the dashboard and list of projects indeed people find their white listed projects, but going to the user tab you can click any user and you can zoom into his or her work and easily see all projects listed defined in this installation.

2018-11-24 15:39:05
Fei Teng
  • Visit: 1918
  • Join Date: 2016-08-02
  • Last Login: 2021-11-08
  • My Point: 0
  • PartyLevel: No Party

Privilege/Access Control in ZenTao is managed by the group. So you can go to Company->Group and click the lock icon to set detailed privileges. Then uncheck the module you don't want the group users to see.


For more about Privileges, click HERE.


1/1