Facebook
TwitterHi, we use Obsidian 18.0.24 on 5 physical Servers.
We hosted around 40 domains per server.
We set up another own server for one customer and migrated his web presence from one of the other servers.
Yesterday a customer logged in on the wrong server, on which his presence is not hosted.
He could log in with the user role "Domain Administrator" and see all Domains that are hosted on this server!
When searching for the problem, I found that all users from the other Server were migrated! But we migrated a SINGLE website only!
obviously this Users have access to the server, although the domains (subscriptions) are not stored there! They can see an administrate all hosted Domains,
even though they only have access to their own domain, which is not even hosted there!
It looks as if Obsidian grants access to all domains if a login via user roles exists (in my case "Domain-Administrator), but the assigned domain cannot be found on the Server.
How can that be?
We hosted around 40 domains per server.
We set up another own server for one customer and migrated his web presence from one of the other servers.
Yesterday a customer logged in on the wrong server, on which his presence is not hosted.
He could log in with the user role "Domain Administrator" and see all Domains that are hosted on this server!
When searching for the problem, I found that all users from the other Server were migrated! But we migrated a SINGLE website only!
obviously this Users have access to the server, although the domains (subscriptions) are not stored there! They can see an administrate all hosted Domains,
even though they only have access to their own domain, which is not even hosted there!
It looks as if Obsidian grants access to all domains if a login via user roles exists (in my case "Domain-Administrator), but the assigned domain cannot be found on the Server.
How can that be?
