VERIFIED SOLUTION

EngageOne - How to resolve Insufficient Privilege Separation

Product Feature: Security
 
Poorly defined privilege separation within the application allowed authenticated users to perform unauthorised actions which were considered outside the scope of their defined role. This may also be indicative of a poorly designed user role scheme.

Regular users of the application are able to gain administrative privileges within the application.

Reconfigure the access control logic to ensure privilege separation is enforced within the application. Privilege separation should be defined to mirror the business use cases of the various user roles whilst adhering to the principle of least privilege.

This has been resolved in all builds later than 3.1.2.27078.Build57
UPDATED:  April 4, 2017