On Mon, May 23, 2016 at 6:31 PM, Laura E. Lincks < laura.lin...@icap.columbia.edu> wrote:
> Thanks for your responses. We did later notice that at least for the > upgrade from 2.20 --> 2.21 our user role(s) lost an authority. We can > easily add the authority to the appropriate roles, so problem solved. > However, is it strange that not having that authority prevents the app icon > from appearing but it does not prevent access to the app if the user knows > the URL for the app? It would appear that users could access apps they > shouldn't have access to if they can determine the URL for the app. > > Hi Laura The app authority is purely a visibility filter. Since our apps are now using the web-api for all requests, the usage of the apps are still secured. So while they might be able to load up the app, if they don't have access authorities, they will not be able to use it. -- Morten Olav Hansen Senior Engineer, DHIS 2 University of Oslo http://www.dhis2.org
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp