Objective
Ensure unauthorized users cannot escalate their privileges or access admin settings, and that all such attempts are logged and denied.
Prerequisites
- You must have a guest or non-admin account for testing.
Steps
- Log in to the Papyrus app as a guest or non-admin user.
- Attempt to access admin settings or perform admin-only actions (e.g., module management, user management).
  - Screenshot needed: Attempted access to admin settings as a non-admin.
- Observe the system’s response. The action should be denied and logged.
  - Video recommended: Record the attempt and the system’s denial response.
- If possible, review the system logs or audit trail for the recorded attempt.
  - Screenshot needed: Log entry or audit trail showing the denied action.
Expected Results
- Unauthorized actions are blocked and the user is shown an appropriate error message.
- The attempt is logged in the system for auditing.
- If privilege escalation is possible, document the steps and capture screenshots or video.
Tip: If you encounter any issues, please document the error message and steps taken, and attach screenshots or a video for troubleshooting.