Account/contacts users that are synced to CABI correctly and showing the correct restricted origin, show data from other origins when launching CABI Reports.
Our customers who have user accounts on Operator Console are able to see other customers server names and metric data through reports portlets that are loaded from CABI.
This is can be seen, for example browsing with account/contact loging to: ”Reports -> Health -> Device -> Device trend report”
UIM 20.3.3 June Patch / UIM 20.4
CABI 4.30 bundled / 7.50
Component : UIM - CABI
This is a product defect. Once an account user is created in OC Account/Admin it needs an extra configuration step in CABI so that the allowed_origins are inherited properly.
While a fix is worked and delivered to automate this process the following workaround can be used.
Follow this procedure:
1) Access the CABI user Management on cabijs using superuser/superuser access.
Eg.: http://<cabi_server>/cabijs/ --> Manage > Users
2) Ensure that the allowed origins are correct for the test user selected.
3) Set Inherited to "false" as in the screenshots below:
4) log-off, clear browser cache and test the issue again
A future release of CABI/OC will include the fix for this issue.