Posted to dev@lenya.apache.org by Andreas Hartmann <an...@apache.org> on 2007/11/20 18:37:28 UTC

Site vs. user administration (bug 43915)

Hi Lenya devs,

Richard pointed out that there's a dangerous connection between site 
administration rights and user administration rights. If Alice has the 
admin role on a single page, she can execute the admin.* usecases under 
the Admin tab.

A quite straightforward solution is to introduce two different 
administration roles:

1. Website administrator (e.g. "manager")
2. Application administrator (e.g., "admin")

The application administrator role would be used in the usecase policies 
to protect the admin.* usecases. We have to add a mechanism which 
ensures that this role is not granted to anyone in the "AC auth" tab.

WDYT?

-- Andreas


-- 
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
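As an added illustration of the split proposed in the message above (a constructed model written for this page, not Lenya's own code): the pre-fix policy grants admin.* usecases to anyone holding "admin" on a single page, while the split keeps "manager" as the per-page site-administrator role and makes "admin" application-wide and not grantable through the per-page "AC auth" path. The usecase ids `admin.users` and `site.publish` and the page paths are assumed for the demonstration.

```python
"""Constructed model of the site-admin / application-admin role split.
Before: one per-page 'admin' role; admin.* usecase policies check for it.
After:  'manager' is the per-page site-admin role and 'admin' is application-wide.
"""
from dataclasses import dataclass, field

SITE_ADMIN_ROLE = "manager"  # website administrator, grantable per page
APP_ADMIN_ROLE = "admin"     # application administrator, application-wide only

@dataclass
class User:
    name: str
    app_roles: set = field(default_factory=set)     # application-wide roles
    page_roles: dict = field(default_factory=dict)  # page path -> set of roles

def may_execute_before(user, usecase):
    """Pre-fix policy: 'admin' on any single page unlocks every admin.* usecase."""
    if usecase.startswith("admin."):
        return any("admin" in roles for roles in user.page_roles.values())
    return True  # other usecases are not modelled here

def grant_page_role(user, page, role):
    """The per-page 'AC auth' path: the application-admin role is not grantable here."""
    if role == APP_ADMIN_ROLE:
        raise PermissionError(f"role {role!r} cannot be granted through page ACLs")
    user.page_roles.setdefault(page, set()).add(role)

def may_execute(user, usecase, page=None):
    """Post-split policy: admin.* needs the application-wide role, anything else
    needs the site-admin role on the page being acted on."""
    if usecase.startswith("admin."):
        return APP_ADMIN_ROLE in user.app_roles
    return SITE_ADMIN_ROLE in user.page_roles.get(page, set())

def demo():
    """Replays the reported scenario: Alice is admin of a single page only."""
    alice = User("alice", page_roles={"/news": {"admin"}})  # pre-fix assignment
    bug = may_execute_before(alice, "admin.users")          # assumed usecase id
    alice = User("alice")
    grant_page_role(alice, "/news", SITE_ADMIN_ROLE)
    try:
        grant_page_role(alice, "/news", APP_ADMIN_ROLE)
        leak = True
    except PermissionError:
        leak = False
    return {"before": bug, "after_admin": may_execute(alice, "admin.users"),
            "after_site": may_execute(alice, "site.publish", "/news"),  # assumed id
            "admin_grantable_per_page": leak}
```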


Re: Site vs. user administration (bug 43915)

Posted by Richard Frovarp <Ri...@sendit.nodak.edu>.
Andreas Hartmann wrote:
> Hi Lenya devs,
>
> Richard pointed out that there's a dangerous connection between site 
> administration rights and user administration rights. If Alice has the 
> admin role on a single page, she can execute the admin.* usecases 
> under the Admin tab.
>
> A quite straightforward solution is to introduce two different 
> administration roles:
>
> 1. Website administrator (e.g. "manager")
> 2. Application administrator (e.g., "admin")
>
> The application administrator role would be used in the usecase 
> policies to protect the admin.* usecases. We have to add a mechanism 
> which ensures that this role is not granted to anyone in the "AC auth" 
> tab.
>
> WDYT?
>
> -- Andreas
>
>

+1
