Project

General

Profile

Bug #9428

Unable to access "System: Authentication servers" if "WebCfg - System: User Password Manager" is set

Added by A FL 2 months ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
User manager
Target version:
Start date:
03/24/2019
Due date:
% Done:

0%

Estimated time:
Affected Version:
All
Affected Architecture:
All

Description

Hello,

It seems that defining permission page-system-usermanager-passwordmg completely blocks users from accessing to the Authentication servers page of the user manager.

Steps for reproducing the issue :

  1. Create an user. Assign WebCfg - System: Authentication Servers , WebCfg - System: User Password Manager and WebCfg - Dashboard (all) to it. (WebCfg - Dashboard is not necessary, but it's better to have this permission for accessing the home page of pfSense)
  2. Log in as this user and try to access Authentication Servers page in the user manager.
  3. Enjoy :

It seems that I can still access this page by entering the correct url, /system_authservers.php.

It's not a permission issue, rater a menu issue ("User Password" should display a menu showing "Authentication Servers" page).

History

#2 Updated by Jim Pingle about 2 months ago

  • Affected Version changed from 2.4.x to All
  • Affected Architecture changed from amd64 to All

That page is hidden on purpose. You should only give users that permission if they do not have access to the user management page.

If a user can access the user manager, that page is not necessary.

This feels more like a user error with permission management to me.

We can work around that with changes similar to the PR, but the PR needs a change or two. Will leave comments there.

Also available in: Atom PDF