10 Replies Latest reply: Feb 5, 2015 3:18 PM by Kyle Roth RSS

    security issue in the QV PUBLISHER

      Is it possible to run QV Publisher tasks under different users.  The reason i am asking this is the following :

       

      For instance we have 2 domains : Marketing and Sales.  Users from Sales are
      not allowed to access certain Marketing info.  But as a consequence of the
      fact that all the Publisher tasks run with the same user, there is no
      possibility to do this.  Actually, if the sales people know the name and
      location of the Marketing data, they can use this path in their script and
      schedule it in the publisher.  The publisher runs this task with the
      global machine user, which runs also tasks for finance, and has access to as
      well the Sales as the marketing data. 

       

      This seems to be a security leak to me, because in this way users can see data, they are not allowed to!

        Is there any solution for this or am i working in a wrong way?

       

      Regards

      Sven