PAGER - Security Flaw

Idea created by Paul Wyatt - Avison Young UK on Sep 16, 2019
    Open for voting
    Score11

    IDEA

    Suppress max number of members displayed to a given sub-group when using PAGER object

     

    I would like to suggest that the PAGER object be changed to also show only the max number of members of a given sub-group and not only the max number of members within the entity.

     

    Explanation.

    I have found that the pager object reveals the maximum number of members for the entity used, regardless of any security settings.  The outcome is that users can see the number of units held in the database even if they are restricted to seeing only their own entity members.  The risk is that users may misinterpret max value and investigate as to why they cannot access all entity members. 

     

    Another risk is that the max total compromises the security of a model by revealing information that was deliberately suppressed.  An example of this case might be where sales personnel acquire clients/customers or [insert things].  By being able to see the size of the population, an assumption on the performance of an individual or group may be possibe where such conclusions and knowledge could be detrimental to overall performance.

     

    Case Study

    A multi client property database is used to hold the property portfolios of many unrelated clients.  The client, when accessing the model, only ever sees entities, members and cube values relating directly to them, including the maximum number of entity members when viewing and selecting.  Image 1 shows the view of a client with 13 properties, of which 3 have been selected.

     

    IMAGE 1: 3 selected properties revealing the number of selections and the maximum number of members in each selection.  It can be seen that this client has a total of 13 properties.

    The database holds over 500 properties, relating to other clients.  This figure is revealed when hovering over the PAGER controls on screen, as can be seen in IMAGE 2 & 3.  This issue compromises the security measures put in place in order to provide clients with a client-centric experience, as well as to supress the true size of the database being used.

     

    IMAGE 2: Total number of entity members held in database revealed when hovering over the PAGER control

     

     

    IMAGE 3: Closer look at the PAGER Control and the figures revealed

     

    On hovering over the Pager controls, the user now knows that there are quite a number of properties managed by the provider of the BOARD model; information which was deliberately suppressed by the service provider for commercial reasons.  Such an issue could raise questions around data management and governance, as well as the importance of a client to the service provider, amongst potentially larger or smaller clients.

     

    Use of @User to provide security - compromised

    From a technical perspective, this issue compromises the security of a model when using a single database for multiple external clients and where entity members have been explicitely suppressed through design and with the use of @User, as in this developer's case.