During User Impersonation - impersonated account can access advanced search results that include pages they should not have permission to view.

    • 5
    • Minor
    • 0

      Issue Summary

      During user impersonation, the advanced search utilizes the site admin's permissions instead of the impersonated user's permissions. This leads to unauthorized content being displayed in search results for impersonated accounts.

      PS: However, when the content is accessed by the user directly, it is locked. This happens only when an admin performs user impersonation, which means that when impersonating users, Confluence Advanced Search uses the site admin account and applies site admin permissions.
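
The mismatch described in this summary, as a minimal model with a regression check. This is an added example, not Confluence code: the `Page`, `Session` and search function names and the sample pages are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Page:
    title: str
    body: str
    allowed: frozenset = frozenset()  # empty set = no view restriction

@dataclass
class Session:
    actor: str                           # account that actually logged in
    impersonating: Optional[str] = None  # account being impersonated, if any

    @property
    def effective_user(self) -> str:
        # Every permission decision should be made for this account.
        return self.impersonating or self.actor

def can_view(user: str, page: Page) -> bool:
    return not page.allowed or user in page.allowed

def search_as_actor(session, pages, term):
    """Behaviour reported in the ticket: results filtered for the admin."""
    return [p for p in pages if term in p.body and can_view(session.actor, p)]

def search_as_effective_user(session, pages, term):
    """Expected behaviour: results filtered for the impersonated account."""
    return [p for p in pages
            if term in p.body and can_view(session.effective_user, p)]

def leaked_titles(session, results):
    """Regression check: results the effective user is not allowed to view."""
    return [p.title for p in results
            if not can_view(session.effective_user, p)]

# Constructed sample data: one open page, one restricted away from user-a.
PAGES = [
    Page("Team handbook", "budget overview"),
    Page("Salary review", "budget details", frozenset({"site-admin", "user-b"})),
]
SESSION = Session(actor="site-admin", impersonating="user-a")

if __name__ == "__main__":
    for search in (search_as_actor, search_as_effective_user):
        hits = search(SESSION, PAGES, "budget")
        print(search.__name__, [p.title for p in hits],
              "leaked:", leaked_titles(SESSION, hits))
```
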

      Steps to Reproduce

      1. Select a few pieces of content and restrict them from user A
      2. With the admin role, impersonate user A

      Expected Results

      The restricted content is NOT visible in advanced search results when impersonating User A.

      Actual Results

      The restricted content is visible in advanced search results when impersonating User A.

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.

            Assignee:
            Unassigned
            Reporter:
            Trupti Das
            Votes:
            5
            Watchers:
            8

              Created:
              Updated: