We have a local account that is configured in NCM as: None No access to NCM functionality.
We validated no NCM access when invoking ConfigSearch like this:
swis.invoke('Cirrus.ConfigArchive', 'ConfigSearch',...)
HOWEVER, when doing a swis.query("SELECT ... FROM Cirrus.ConfigArchive"), this user is actually able to view configs.
This is an application design flaw, correct? (a security flaw)