PROBLEM
You have created a scope to limit a user's ability to see certain functions, in this case to limit the user to only see the Policy module.
The user is indeed limited to see Policy Management only, however, the user is able to see all the policies.
CAUSE
This is by design. Although the scope will limit the user's ability to assign policies only to machines in their current scope, they are able to see all the policies defined in the system
RESOLUTION / WORKAROUND
There is no way to avoid this. Policies are not user specific, they are system specific, so any user with access to see the policies can see all of them, although only assign them to the Machines/Groups/Orgs in their scope
Policies can be seen by all users regardless of scope
Comments
1 comment
Scope leak must be avoided, otherwise we can't allow customers to use modules that expose anything about other customers.
Please sign in to leave a comment.