8 Replies Latest reply: Aug 30, 2017 12:56 PM by Thomas Karner RSS

    How to create a secure local copy of an app?

    Thomas Karner

      Hi,

       

      I want to achieve the following:

      • An app is developed centrally.
      • The central app includes data for all countries. Data access is protected with specific section access.
      • Key users in the local countries should be able to make copy of this app including all visualizations and master items.
      • Key users should be able to enrich the data model with local data
      • Key users cannot access central, unauthorized data
      • Key users should be able to create and execute tasks in QMC

       

      Unfortunately I couldn´t find a waterproof concept to provide this.

       

      I my investigations I found the following issues:

      • Key users can only copy apps within the QMC section "Apps", because they are not owner of the app
      • The copy contain beside visualizations and master items also the data and the load script

       

      With this I see the following security risks:

      a) Key user can create a task to load data for the copied app. The scheduled task runs with context of user sa_scheduler, having access to all LIBs. Load of data will be possible

      b) In case the load script is stored in an external include-file the key user could download the log of the executed task and re-construct the complete script

      c) The key user could also use the existing script code of the copied app and add further lines to override section access of the original app and gets access to all data

       

      Has anyone already implemented a secure and waterproof concept to achieve the requirements above?

       

      Regards,

      Thomas