scientist-softserv/palni_palci_knapsack

Permission Issue: User was able to log into a tenant they weren't a part of

Closed this issue · 3 comments

Summary

ctgraham@pitt.edu was part of the reshare tenant, not demo. We requested him to use demo to QA. He logged in and noticed he didn't have permissions or access to importers/exporters. ref slack message

We confirmed he was not a user of this tenant so he shouldn't have been able to log in at all. Is this a hyku bug or a knapsack bug?

We've since added him to the account's administrators to resolve his issue, however this feels like a major bug.

Acceptance Criteria

  • Users should not be able to log into tenants they are not a part of

Screenshots or Video

Testing Instructions

Notes

Confirmed by Rob that this is the expected behavior. He should be able to log in but not be able to do any actions within the tenant, which is what Clinton described.

todo:

  • make a new user in prod. What happens when they log into a tenant they aren't part of?

Does knapsack staging behave the same? If so, close this ticket.

Confirmed, this same behavior happens in production so valkyrie/knapsack affect it.

shana@scientist.com is part of the demo tenant, not the palci-demo tenant. I can sign into the palci-demo tenant but I'm met with the inability to do anything.

palci-demo

Image

demo

Image