Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-10584

Prevent a poweruser from editing an administrators group or adding a user to an administrators group

    XMLWordPrintable

    Details

      Description

      Currently, a poweruser can promote himself to an administrator by adding himself to the administrators group. I would consider this a security bug.

      See http://answers.nuxeo.com/questions/4419/should-powerusers-be-prevented-from-changing-an-administrators-group

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 4 hours
                  4h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours Time Not Required
                  3h