Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-82523

During User Impersonation - impersonated account can access advanced search results that include pages they should not have permission to view.

XMLWordPrintable

      Issue Summary

      During user impersonation, the advanced search utilizes the site admin's permissions instead of the impersonated user's permissions. This leads to unauthorized content being displayed in search results for impersonated accounts.

      PS : however when accessed by user the contents are locked. Its happening only when admin performs user personation which means, when impersonating users, Confluence Advanced Search uses the site admin account, it applies site admin permissions

      Steps to Reproduce

      1. Select few contents and restricts it from user A
      2. With admin role, impersonate user A

      Expected Results

      You will see the restricted contents are NOT visible in advanced search results when impersonating User A

      Actual Results

      You will see the restricted contents are visible in advanced search results when impersonating User A

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

              Unassigned Unassigned
              b0b849db5d18 Trupti Das
              Votes:
              5 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: