[Question] Clearing Admin can access 'group and moderator' project from another organization even not been set as a moderator? #1450
Labels
question
Further information is requested
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SW360 13.4.0-M1 build on Docker.
I have two organizations named 'test' and 'test2', each group has 2 users 'user1' and 'user2'.
Only test2_user2 is clearing admin.
The test_user1 created a project set visibility as 'group and moderators', the 'group' field is set as 'test' automatically then set test2_user1 as project moderator.
I suggested only test2_user2 cannot access the project since it neither from organization 'test' nor set as a project moderator.
But the test2_user2 can access the project.
P.S. I also found that if a project set visibility as 'me and moderators', it cannot be accessed even if a system administrator. Is that correct? How could a system administator find how many projects on the system then?
P.P.S. I am quite confused with the terms 'organization' and 'group' on the system, is there a document about how these terms work?
Thank you very much.
The text was updated successfully, but these errors were encountered: