Proposed Use Case:
- Centralized IT creates a data model which requires row level security managed with Section Access.
- The data model is shared with a business unit developer through a Binary Load which reduces the data set for the business unit developer (inherited section access).
- The business unit developer has access to the Data Manager to further extend the data model
In this use case, if the business unit developer associates data with the table where Section Access is attached to; then the automated script temporarily drops the table; which removes Section Access. It is also possible for the business unit developer to drop the table; which removes Section Access. By removing the inherited Section Access; the entire data model is exposed.
Ideally this vulnerability in inherited section access would be closed by preventing changes to tables associated with Section Access.