A (sad) security user story

Here is a user story for implementors of security systems and platform hardening initiatives:

As any user,

I never want to get a “denied” message, but rather an “in order to do what you want, you are missing the X permission” message, so that I can track down the root cause and request the appropriate permissions more easily.

It’s not that hard, really.

GitLab: You are not allowed to push code to this project.

Well, it’s harder for some, apparently. That’s one hour of my life I am not getting back.

Published in Hackerterrorcybercyber

One Comment

  1. Usually this is solved with “developer can push” or “protected branch”.

    Most security people have the opposite opinion: do NOT reveal why something is disallowed.

    Both positions have their pros and cons.
