portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Sean Taylor (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Resolved: (JS2-1100) DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role
Date Wed, 31 Mar 2010 00:24:34 GMT

     [ https://issues.apache.org/jira/browse/JS2-1100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Sean Taylor resolved JS2-1100.
------------------------------------

    Resolution: Fixed

only allow delegated user managers to assign roles and groups in which they already belong
exception is administrator, who can assign all regardless


> DeveloperBrowser-type portlets for delegated admin can be used to assign global admin
role
> ------------------------------------------------------------------------------------------
>
>                 Key: JS2-1100
>                 URL: https://issues.apache.org/jira/browse/JS2-1100
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Admin Portlets
>    Affects Versions: 2.2.0
>            Reporter: Paul Anderson
>            Assignee: David Sean Taylor
>             Fix For: 2.2.1
>
>
> There is no way for a deployer to configure preset lists (or combinations) of allowed
roles etc that a delegated administrator can assign to filtered users, or to filter out certain
roles from the list of options available. (Also no way to set required attributes like language,
which would be useful too).
> So a delegated admin can give users full global admin privileges. This makes the portlet
unsuitable for production use.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message