You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@continuum.apache.org by "Brent N Atkinson (JIRA)" <ji...@apache.org> on 2015/04/25 21:46:39 UTC
[jira] [Comment Edited] (CONTINUUM-2747) Protect ability to run
reports with standalone role
[ https://issues.apache.org/jira/browse/CONTINUUM-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14511481#comment-14511481 ]
Brent N Atkinson edited comment on CONTINUUM-2747 at 4/25/15 7:46 PM:
----------------------------------------------------------------------
While this will improve the situation for new installations, the new role will not be automatically created for existing installations. It will require re-creation of the role database.
was (Author: batkinson):
While this will improve the situation for new installations, the new role will be not automatically created for existing installations. It will require re-creation of the role database.
> Protect ability to run reports with standalone role
> ---------------------------------------------------
>
> Key: CONTINUUM-2747
> URL: https://issues.apache.org/jira/browse/CONTINUUM-2747
> Project: Continuum
> Issue Type: Improvement
> Reporter: Brent N Atkinson
> Priority: Minor
> Labels: maybe-1.5
> Fix For: 1.5.0
>
>
> Made worse by CONTINUUM-2746, running reports should be limited to users that are registered. The intent is that abuse can be managed by locking accounts. Adding a permission is another route, but considering it is open to anonymous it may be unnecessary.
> UPDATE: After some investigation, it appears the problem is that reporting is granted to all project users and granting Guest the ability to be a project user is used to allow anonymous users to see the build summary. By separating reporting from project user, reporting can be granted on an individual basis rather than being inherited.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)