Project

General

Profile

Actions
Copy link

Bug #15908

closed

Users with Deny Config Write privilege can change their own password

Added by Marcos M 15 days ago. Updated 4 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Marcos M
Category:
User Manager / Privileges
Target version:
2.8.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
25.03
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

A user with read-only privilege and access to System > User Password Manager is able to change its own password.

Actions
Copy link
 #1

Updated by Marcos M 15 days ago

  • Private changed from Yes to No
Actions
Copy link
 #2

Updated by Marcos M 15 days ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Lev Prokofev 15 days ago

I checked the patch on 24.11, the user with RO privileges is not able to change the password.

The following input errors were detected:

Insufficient privileges to make the requested change (read only).
Actions
Copy link
 #4

Updated by Jim Pingle 12 days ago

  • Plus Target Version changed from 25.01 to 25.03
Actions
Copy link
 #5

Updated by Jim Pingle 11 days ago

  • Status changed from Feedback to Resolved
Actions
Copy link
 #6

Updated by Jim Pingle 4 days ago

  • Subject changed from Read-only users can change their own password to Users with Deny Config Write privilege can change their own password
Actions
Copy link

Also available in: Atom PDF