Members on a Specific Project can view other project dashboards
Imad Majid
Steps to Reproduce:
1. Create a dashboard that uses data exclusively from Project A.
2. Ensure User X does not have access to Project A.
3. Log in as User X and navigate to the dashboard list.
4. Observe that:
• User X can see the dashboard title (which may include the project name).
• The project logo is displayed in the project column.
Expected Behavior:
• Users without access to Project A should not see dashboards tied exclusively to Project A.
• The project logo should not be displayed for dashboards associated with projects they cannot access.
⸻
Actual Behavior:
• Users without access to Project A can see the dashboard title and project logo in the dashboard list.
• Widgets correctly show no data (or only data for accessible projects), but the dashboard visibility itself is not restricted.
⸻
Impact / Severity:
• Privacy risk: Clients are exposed to project names/logos they should not be aware of.
• Potential GDPR compliance issue, as the presence of project information could be considered sensitive.
Imad Majid
Possible Solution:
- Leave the Dashboard section only for Regular users of a workspace (unless sharing a public link, like a public test run)
- Implement Dashboard space inside a project. Previous feature request: https://roadmap.qase.io/feature-requests/p/feature-request-redirect-to-the-project-dashboard-or-a-new-section-from-the-proj
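
Added example, not part of the original posts and not Qase's code: a minimal sketch of the expected behavior from the report, where the dashboard list authorizes each row against the viewer's project membership, shown beside the unfiltered listing the report describes. The data model, names and sample data are all hypothetical, and showing a mixed-project dashboard with only the accessible logos is an assumed policy.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Dashboard:
    id: int
    title: str
    project_ids: frozenset  # projects whose data the widgets use


# Constructed sample data (hypothetical, not taken from the product).
PROJECT_LOGOS = {"A": "logo-a.png", "B": "logo-b.png"}
MEMBERSHIP = {"user_x": {"B"}, "owner": {"A", "B"}}
DASHBOARDS = [
    Dashboard(1, "Project A release health", frozenset({"A"})),
    Dashboard(2, "Project B regression", frozenset({"B"})),
    Dashboard(3, "Cross-project overview", frozenset({"A", "B"})),
]


def list_dashboards_unfiltered(user):
    """Reported behavior: every row is returned, titles and logos included."""
    return [
        {"id": d.id, "title": d.title,
         "logos": sorted(PROJECT_LOGOS[p] for p in d.project_ids)}
        for d in DASHBOARDS
    ]


def list_dashboards_for(user):
    """Expected behavior: filter rows and logos by the caller's projects."""
    allowed = MEMBERSHIP.get(user, set())  # unknown user: no projects
    rows = []
    for d in DASHBOARDS:
        visible = d.project_ids & allowed
        if not visible:
            # Tied only to inaccessible projects (or to none): fail closed.
            continue
        rows.append({"id": d.id, "title": d.title,
                     "logos": sorted(PROJECT_LOGOS[p] for p in visible)})
    return rows
```

The filter runs on the server side of the list call, so hidden rows never reach the client rather than being concealed in the UI.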