Re: Delegated admin with DeveloperBrowser - stopping devmgr from assigning admin role

[David Sean Taylor <d....@onehippo.com>]

On Fri, Feb 5, 2010 at 8:00 AM, <p_...@volny.cz> wrote:

> The DeveloperBrowser portlet seems to be able to add any roles to the
> users that it's allowed to administer (those with role 'dev').
> So devmgr could give users the 'admin' role!
>
> Is there a way to configure a preference for this portlet that would
> allow the deployer to specify the available roles, or to specify predefined
> sets of required roles for the devmgr to choose from?
>
>
Good point, a loophole in the delegated security. Could you create a JIRA
issue and we can discuss and implement it from there, thanks