Project

General

Profile

Actions

Bug #9051

closed

Privileges on 'all' group are not being honored

Added by Jim Pingle over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Authentication
Target version:
Start date:
10/19/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

All users are a member of the "All Users" group (actual group name internally: all).

Privileges can be added to this group, but they are not being honored. For example, with the "WebCfg - System: User Password Manager" privilege on the All Users group, a user with no other privileges cannot reach the page.


Files

config-Gateway.System-20181020085724.xml (3.27 KB) config-Gateway.System-20181020085724.xml System section of config.xml Ronald Schellberg, 10/20/2018 10:11 AM
Actions #1

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Ronald Schellberg over 5 years ago

Jim Pingle wrote:

All users are a member of the "All Users" group (actual group name internally: all).

Privileges can be added to this group, but they are not being honored. For example, with the "WebCfg - System: User Password Manager" privilege on the All Users group, a user with no other privileges cannot reach the page.

This change set has created another issue for me. I had created a second admin logon in the user manager GUI and disabled the default "admin" user for increased security.

When I attempted to log on with second admin user, I get the "no page assigned to this user! Click here to logout." error response. Since the default admin user had been disabled, recovery required I had to resort to the "Option 3 - reset webConfigurator password" console option to gain GUI access again.

For some reason the GUI does not recognize my second admin user to be part of the admins group. The group page shows a member count of 2 in the admins group and my second admin user is listed in the members list.

When I review the "all" group, it has no assigned privileges, triggering the "no page assigned" response I assume. I could add privileges to "all" group, but that would defeat the purpose of the admins group.

For now I have reverted to using the default "admin" user name

Actions #3

Updated by Jim Pingle over 5 years ago

  • Status changed from Feedback to In Progress

That should not have been caused by this but I'll test it some more.

This should have only added privileges to the list a user has, not removed any access.

Do you mind sharing your user/group sections of config.xml so I can replicate it here? (remove the passwords and any other identifying info)

Actions #4

Updated by Ronald Schellberg over 5 years ago

Should be easy to replicate, I just added a new user to admins group.

In the attached config I had added "page-dashboard-all" privilege to the "all" group to avoid the "no page assigned" error.

Actions #5

Updated by Michael Kellogg over 5 years ago

I just upgraded and got no page assigned

Actions #6

Updated by Michael Kellogg over 5 years ago

removed the 'all' from both files and got access again, also admin is disabled using different user as admin

Actions #7

Updated by Jim Pingle over 5 years ago

  • Status changed from In Progress to Feedback
Actions #8

Updated by Paighton Bisconer over 5 years ago

  • Status changed from Feedback to Resolved

Tested on 2.4.5.a.20181116.1325

New user with no privileges receives "No page assigned to user"

After adding "WebCfg - All Pages" to the All group and logging in again with the same user, pages are accessible.

Marking resolved.

Actions

Also available in: Atom PDF