Details
-
Task
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
Description
As user I want that another user will not be able to go to my notebook event if he has the link to my Notebook, so that I will be confident that my Notebook data is in security.
If user (Project_admin of another project or not admin) has a notebook link of the other user he can go to this Notebook via his own credentials and view files of the other user on this Notebook.
So we should limit the access to this link from DevOps side (by the level of Keycloak).
Github issue: https://github.com/apache/incubator-dlab/issues/730