Project

General

Profile

Actions

Bug #9428

closed

Unable to access "System: Authentication servers" if "WebCfg - System: User Password Manager" is set

Added by A FL about 5 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
User Manager / Privileges
Target version:
Start date:
03/24/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

Hello,

It seems that defining permission page-system-usermanager-passwordmg completely blocks users from accessing to the Authentication servers page of the user manager.

Steps for reproducing the issue :

  1. Create an user. Assign WebCfg - System: Authentication Servers , WebCfg - System: User Password Manager and WebCfg - Dashboard (all) to it. (WebCfg - Dashboard is not necessary, but it's better to have this permission for accessing the home page of pfSense)
  2. Log in as this user and try to access Authentication Servers page in the user manager.
  3. Enjoy :

It seems that I can still access this page by entering the correct url, /system_authservers.php.

It's not a permission issue, rater a menu issue ("User Password" should display a menu showing "Authentication Servers" page).

Actions #2

Updated by Jim Pingle almost 5 years ago

  • Affected Version changed from 2.4.x to All
  • Affected Architecture All added
  • Affected Architecture deleted (amd64)

That page is hidden on purpose. You should only give users that permission if they do not have access to the user management page.

If a user can access the user manager, that page is not necessary.

This feels more like a user error with permission management to me.

We can work around that with changes similar to the PR, but the PR needs a change or two. Will leave comments there.

Actions #3

Updated by Renato Botelho almost 5 years ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #4

Updated by Jim Pingle about 4 years ago

  • Status changed from Feedback to Resolved

The changes from the merged PR look good, the tab has the new name when appropriate.

Actions

Also available in: Atom PDF