Appear to have uncovered a possible bug. For demonstration purposes I login to an application using a personal gmail account. At first everything works fine. Then at some point (possibly after a sync) the security filters fail and I start seeing products and documents that should only be seen under my work email login.
This is during a single session using Chrome as the browser.
It may have something to do with Chrome thinking I am using my work email persona, while logged in under a different email when using the AppSheet app. AppSheet may be getting confused and hence the failure of the security-filters (mid-session), showing me the wrong products and documents. The quick-fix is to log-out and log-back in, but this only lasts a while.
Suggestion from AppSheet is to clear the cache of the Chrome Browser. But does that need to occur every time I login as someone else?
Has anyone else experienced this problem?
Chrome specifics are in screen-shot below.
Machine is an Apple MacBook Pro
Thank you in advance
Yep.
Pretty much.
Many thanks @Steve for confirming my suspicions. Surely if you are authenticated as a specific user when starting the application, AppSheet should not start treating you as a different user mid-way through the session.
Isnโt this a security breach?
The applications built are multi-tenanted and this appears to run the risk of displaying someone elseโs data (controlled by the security filters) if they happen to use the same device (e.g. hot-desking at a PC).
That cannot be correct?
The app just uses whatever identity Chrome provides.
โHot-deskingโ is the bigger security threat.
User | Count |
---|---|
43 | |
32 | |
25 | |
23 | |
14 |