-
Bug
-
Resolution: Won't Do
-
Medium
-
1
-
Major
-
Confluence
Issue Summary
When the org admin and/or Support logs in as/impersonates a certain user and conducts a search in Confluence, the returned results are not reflective of that impersonated user's perms and access.
Steps to Reproduce
- Log in as a user through the instance's admin UI.
- Once logged into Confluence as the impersonated user, conduct a quick search or advanced search on information that the impersonated user does not have access to.
- Observe that the returned results include information normally restricted from the impersonated user.
Expected Results
The search should not return information that the impersonated user does not have access to.
Actual Results
The search returns information normally not included in the impersonated user's access/permissions.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.
We are able to reproduce the bug on our end and will be prioritising this bug to be fixed, apologies for the misconfiguration and thank you for raising this bug.
For the moment, please consider the following:
As only organization admins are able to use the impersonation feature (link), please restrict the number of organization admins to users who need full access.