We offer Leap forms to transient users who log in via a JWT OIDC connection with an external identity provider. Within Leap, the usage rights for forms are set to "all authenticated users". This configuration is necessary because the users of these forms—citizens and businesses—authenticate via DigiD or eHerkenning, and are therefore not known within the Dutch Tax Administration's LDAP directory (there is no directory containing all known citizens). There has been a valid authentication; therefore, you're authenticated.
An internal employee can log in to Leap and start a form as well. It is also technically possible to fill in the form using an internal LDAP/AD account. Leap is configured against our internal LDAP/AD to provide access to the designer for our employees (with the necessary rights).
By default, Leap only allows users to view their own data. It is not possible to access data from other users.
We would like to prevent this behavior in production. Internal users should have access to the designer. Internal users shouldn't have access to the forms, which are rendered externally.
Can we take measures to disable or block this possibility?