Prevent user from approving the request exemption
complete
Skinny Grasshopper
In the security test tab, a user can select the vulnerability and raise a request for exemption. But it seems the requester can approve his own request. Even if the person is the project admin and raises the request, the same person should not be able to approve his own request.
We are planning to use this feature to override if it is not reported in the in-perm tool (Fortify). So this needs to be addressed.
Pritesh Chandaliya
complete
This post was marked as
in progress
Pritesh Chandaliya
next fiscal quarter
We have prioritized this effort for Q2 (May-July 2024)
Yolk Chickadee
Planned for 1H 2024
Rubber Scallop
Hi Rajiv,
With this request, essentially, whoever requests the exemption cannot approve their own exemption.
Currently, project admins who are also devs can request an exemption and also approve their own exemption, which creates conflict-of-interest concerns for audit and our control team.
Would it help to set up a 15-minute call?
Beryl Dormouse
long-term
Renga, we talked on this topic earlier today. One can customize the RBAC permissions to achieve the behavior you are seeking for near-term use. Independently, would like to review if there is an enhanced approach we can instrument that fulfills your use case. Moving the current ticket to long-term status.
Beryl Dormouse
under review