Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
5.5.0, 6.5.0
Description
When removing permissions from a user, an admin should have the ability to forcibly disconnect a user's UI session. This will allow the admin to remove the permissions and ensure that after forcibly disconnecting the user is immediately not able to access the functionality.
Steps to repro:
- Create user with Query Select[travel-sample], Data Reader[travel-sample] roles.
- Log in with user.
- In separate tab/browser, remove "Query Select[travel-sample]" role.
- Back in other tab, observe that the user is still able to navigate the UI. They should be kicked out if they no longer have UI access. Only logging out and attempting to log back in again will show this.