It has been observed that it's possible to use live proxies to bypass the permissions (Write) on the target document with this scenario :
- As an admin, create a container Workspace1
- Grant Read permission to group1 which contains user1
- Create a document File1 in Workspace1
- At this step, user1 cannot make any modification on File1 because user1 only has Read permission on it
- As user1 create now a live proxy to File1 in its personal workspace where it has Everything permission
- Thanks to the Everything permission, user1 changes the description of the live proxy
- Observe that the description is updated on the live proxy but also on the target document File1
Expected behavior: when user1 changes the metadata on the live proxy, the Write permission is checked on the target and in this scenario it should raise an exception (security exception).
PS : Note that a schema can be defined as writable for a proxy : if a metadata from this schema is updated, it should work without error.