RFL200315: Known Issue - Unprivileged observer users can remove files


RayFlow Server 5.0






Normally, if a user is a member of a group that is associated with the Project Manager role or higher, this user is able to remove uploaded file links as well as delete the actual file that was uploaded from the relevant depot. 

With the release of RayFlow 5.0, a new role type called Observer was included, which allows its members to view all datafields associated with a project in sigle-task view mode. 

It has been discovered that users that are only members of groups that have the standard user type, are able to perform uploaded file management actions when they are made a member of a group that has the observer role type. 

This situation has been corrected via RayFlow 5.0 Hotfix 2 which is linked to this article. 




RF 5.0 Hotfix 2

Have more questions? Submit a request


Powered by Zendesk