Actions
Feature #1787
closed
Everyone with access to user manager has full admin rights
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
User Manager / Privileges
Target version:
-
Start date:
04/22/2011
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Description
In some scenarios, it's undesirable for user manager users to have full admin capabilities, such as managing CP users and other things.
Updated by Ermal Luçi about 14 years ago
Can you describe how you have setup your firewall that gives you this issue?
Updated by Hans-Harald Webers about 14 years ago
There are only a few things I have changed. I think this problem is not dependend on the configuration. To test this problem, you can do the following:
- Make a new user
- Give this user only one "effective privileg": Access to the 'System: User Password Manager'
- Log in as this user
- Go to the User Manager and you can do all the things, I discribed.
Updated by Chris Buechler about 14 years ago
- Tracker changed from Bug to Feature
- Subject changed from User Manager can make himself an admin (security problem) to Everyone with access to user manager has full admin rights
- Priority changed from High to Normal
Updated by Chris Buechler about 14 years ago
- Affected Version deleted (
2.0)
That's just a fact of how it works, not a bug. If you have access to the user manager you have full admin rights.
Updated by Jim Pingle over 13 years ago
- Status changed from New to Closed
Duplicate of #319 - more detailed analysis exists there.
Actions