Idea ID: 1682701

Add access control for System Properties

Status : Delivered
over 2 years ago

Hello OO development team and members of OO community,

currently System Properties in OO Central have no access control. Everyone logged to Central can see them and also edit the values. This is not acceptable from both security and integrity points of view. If we store values in System Properties that all or most production flows use and an inexperienced or irresponsible user changes the values to wrong ones it could have serious impact on the execution of production flows.

Please enhance the access control possibilities for System Properties to make it possible to set who can view and edit the system properties

Kind regards

Jan Rys

  • It was delivered in the 2019.11 release. The functionality should be similar to the one of the System Accounts.

  • The idea is prioritized in our backlog and will be implemented in a future release.

    Please continue to monitor this idea to get updates when it will be available.

  • i'd like to add to this idea also. This is a great idea to provide proper RBAC on System Properties. Though like @Michael_it mentioned we need far better RBAC control on System Accounts also, we can't have users who need the account to run a execution be able to extract the password or update the password

  • As mentioned by with details in /it_ops_mgt/sws-oo/i/oo_idea_exchange/add-flows-as-option-in-system-account-permissioning many security concerns derived from use System Accounts are addresed.
    Don't forget a system account password can be obtained in cleartext (I use it as a challenger exercise when I'm the instructor in OO courses)

  • The idea received enough support from the community to be considered for prioritization in our future development planing.

    We will continue to monitor the idea so please expect further updates.