Bug #6450


Deleting yourself in User Manager results in an empty user tag in the config

Added by Phillip Davis about 8 years ago. Updated almost 8 years ago.

User Manager / Privileges
Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:


1) System->User Manager, create an account and give it membership of admins
2) Login to that account, go to System->User Manager and delete that account ("yourself")
3) Delete success message is display, click on logo to go to dashboard - you are told you do not exist - god, expected.
4) Log back in as the another (or the real) admin user.
5) Go to System->User Manager
6) There is an "empty" row displayed for a "blank" user - problem.

Look in config.xml - you will find an empty "user" tag.


DeletedMyself.png (39.7 KB) DeletedMyself.png Phillip Davis, 06/05/2016 06:25 AM
Actions #1

Updated by Phillip Davis about 8 years ago

Screen shot attached.

Actions #2

Updated by Phillip Davis about 8 years ago

To me, it seems dangerous to let users delete their own user name. Because if they (or others) do not know the password to some other admin account on the system then they are locked out until they can get console access to reset the master admin password - which can be difficult at a remote installation, or if you don't have a serial cable handy, or...

So my suggestion is to prevent a user from deleting their own account - pull request:

That saves bothering to work out why the "blank" user is being left in the config.

I can't think of real-world situation where someone needs to delete their own account. e.g. If a staff member is leaving then it is not normally up to them to delete their own account (locking themself out) as they walk out at 5pm Friday. Someone else would be required to delete the account and verify that access is really removed.

Actions #3

Updated by Phillip Davis almost 8 years ago

This was committed to master, RELENG_2_3 and RELENG_2_3_1 around 23 June 2016.
That looks like it is later than the 2.3.1_5 release, so it never got released to the 2.3.1_* series.
Thus its first official release will be in 2.3.2

I suggest update target version to 2.3.2 and set to Feedback, or if someone has already given it a test then set it to Resolved.

Actions #4

Updated by Chris Buechler almost 8 years ago

  • Status changed from New to Resolved
  • Target version set to 2.3.2

Thanks Phil, setting the target was overlooked after the merge. Just double checked 2.3.2 and it's good.


Also available in: Atom PDF