Posted to jetspeed-dev@portals.apache.org by "Paul Anderson (JIRA)" <je...@portals.apache.org> on 2010/02/05 19:21:28 UTC

[jira] Created: (JS2-1100) DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role

DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role
------------------------------------------------------------------------------------------

                 Key: JS2-1100
                 URL: https://issues.apache.org/jira/browse/JS2-1100
             Project: Jetspeed 2
          Issue Type: Bug
          Components: Admin Portlets
    Affects Versions: 2.2.0
            Reporter: Paul Anderson


There is no way for a deployer to configure preset lists (or combinations) of allowed roles etc that a delegated administrator can assign to filtered users, or to filter out certain roles from the list of options available. (Also no way to set required attributes like language, which would be useful too).

So a delegated admin can give users full global admin privileges. This makes the portlet unsuitable for production use.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


[jira] Updated: (JS2-1100) DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role

Posted by "David Sean Taylor (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-1100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Sean Taylor updated JS2-1100:
-----------------------------------

    Fix Version/s: 2.2.1

> DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role
> ------------------------------------------------------------------------------------------
>
>                 Key: JS2-1100
>                 URL: https://issues.apache.org/jira/browse/JS2-1100
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Admin Portlets
>    Affects Versions: 2.2.0
>            Reporter: Paul Anderson
>            Assignee: David Sean Taylor
>             Fix For: 2.2.1
>
>
> There is no way for a deployer to configure preset lists (or combinations) of allowed roles etc that a delegated administrator can assign to filtered users, or to filter out certain roles from the list of options available. (Also no way to set required attributes like language, which would be useful too).
> So a delegated admin can give users full global admin privileges. This makes the portlet unsuitable for production use.



[jira] Resolved: (JS2-1100) DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role

Posted by "David Sean Taylor (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-1100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Sean Taylor resolved JS2-1100.
------------------------------------

    Resolution: Fixed

Only allow delegated user managers to assign roles and groups to which they already belong.
The exception is the administrator, who can assign all regardless.


> DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role
> ------------------------------------------------------------------------------------------
>
>                 Key: JS2-1100
>                 URL: https://issues.apache.org/jira/browse/JS2-1100
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Admin Portlets
>    Affects Versions: 2.2.0
>            Reporter: Paul Anderson
>            Assignee: David Sean Taylor
>             Fix For: 2.2.1
>
>
> There is no way for a deployer to configure preset lists (or combinations) of allowed roles etc that a delegated administrator can assign to filtered users, or to filter out certain roles from the list of options available. (Also no way to set required attributes like language, which would be useful too).
> So a delegated admin can give users full global admin privileges. This makes the portlet unsuitable for production use.



[jira] Assigned: (JS2-1100) DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role

Posted by "David Sean Taylor (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-1100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Sean Taylor reassigned JS2-1100:
--------------------------------------

    Assignee: David Sean Taylor

> DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role
> ------------------------------------------------------------------------------------------
>
>                 Key: JS2-1100
>                 URL: https://issues.apache.org/jira/browse/JS2-1100
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Admin Portlets
>    Affects Versions: 2.2.0
>            Reporter: Paul Anderson
>            Assignee: David Sean Taylor
>
> There is no way for a deployer to configure preset lists (or combinations) of allowed roles etc that a delegated administrator can assign to filtered users, or to filter out certain roles from the list of options available. (Also no way to set required attributes like language, which would be useful too).
> So a delegated admin can give users full global admin privileges. This makes the portlet unsuitable for production use.



[jira] Updated: (JS2-1100) DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role

Posted by "Paul Anderson (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-1100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Anderson updated JS2-1100:
-------------------------------

    Affects Version/s: 2.2.1

> DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role
> ------------------------------------------------------------------------------------------
>
>                 Key: JS2-1100
>                 URL: https://issues.apache.org/jira/browse/JS2-1100
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Admin Portlets
>    Affects Versions: 2.2.0, 2.2.1
>            Reporter: Paul Anderson
>            Assignee: David Sean Taylor
>             Fix For: 2.2.1
>
>
> There is no way for a deployer to configure preset lists (or combinations) of allowed roles etc that a delegated administrator can assign to filtered users, or to filter out certain roles from the list of options available. (Also no way to set required attributes like language, which would be useful too).
> So a delegated admin can give users full global admin privileges. This makes the portlet unsuitable for production use.



[jira] Reopened: (JS2-1100) DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role

Posted by "Paul Anderson (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-1100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Anderson reopened JS2-1100:
--------------------------------


Limiting the assignable roles to those possessed by the user of the portlet works as an approach, but there is a bug in the implementation.
When you use the portlet and edit another user's associations, the dropdown list is at first correctly limited to your own roles.
But if you delete a role, the dropdown then changes to list all the roles on the portal, and stays like that.

> DeveloperBrowser-type portlets for delegated admin can be used to assign global admin role
> ------------------------------------------------------------------------------------------
>
>                 Key: JS2-1100
>                 URL: https://issues.apache.org/jira/browse/JS2-1100
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Admin Portlets
>    Affects Versions: 2.2.0
>            Reporter: Paul Anderson
>            Assignee: David Sean Taylor
>             Fix For: 2.2.1
>
>
> There is no way for a deployer to configure preset lists (or combinations) of allowed roles etc that a delegated administrator can assign to filtered users, or to filter out certain roles from the list of options available. (Also no way to set required attributes like language, which would be useful too).
> So a delegated admin can give users full global admin privileges. This makes the portlet unsuitable for production use.

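The rule from the resolution comment and the dropdown regression from the reopen comment, modeled together as an added example (this is not Jetspeed code and does not come from the reporter or the assignee). The option list and the server-side check share one function, so a list that widens after a delete cannot grant anything. The class, method, user and role names, including `admin` as the administrator role, are assumptions.

```java
import java.util.*;

// Hypothetical model, not Jetspeed's API: all names below are assumptions.
public class DelegatedRoleAssignment {
    static final String ADMIN_ROLE = "admin"; // assumed name of the global administrator role

    private final Set<String> allRoles;
    private final Map<String, Set<String>> rolesByUser = new HashMap<>();

    DelegatedRoleAssignment(Set<String> allRoles) { this.allRoles = allRoles; }

    void seed(String user, String... roles) {
        rolesByUser.put(user, new TreeSet<>(Arrays.asList(roles)));
    }

    // Single source of truth for the dropdown and for the server-side check:
    // the actor's own roles, or every role if the actor is an administrator.
    Set<String> assignableBy(String actor) {
        Set<String> own = rolesByUser.getOrDefault(actor, Set.of());
        return own.contains(ADMIN_ROLE) ? new TreeSet<>(allRoles) : new TreeSet<>(own);
    }

    // Enforced where the change is made, so a stale or widened option list
    // in the UI cannot be used to grant a role the actor does not hold.
    void assign(String actor, String target, String role) {
        if (!assignableBy(actor).contains(role))
            throw new SecurityException(actor + " may not assign " + role);
        rolesByUser.computeIfAbsent(target, k -> new TreeSet<>()).add(role);
    }

    // After a delete, the options are rebuilt through the same filter, never
    // from allRoles. Whether removal itself is restricted is not stated on
    // the page, so it is not checked here.
    Set<String> removeAndRefresh(String actor, String target, String role) {
        rolesByUser.getOrDefault(target, new TreeSet<>()).remove(role);
        return assignableBy(actor);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        DelegatedRoleAssignment m = new DelegatedRoleAssignment(Set.of("admin", "manager", "user"));
        m.seed("root", "admin");
        m.seed("deleg", "manager", "user"); // delegated user manager
        m.seed("alice", "user");
        System.out.println("before delete: " + m.assignableBy("deleg"));
        System.out.println("after delete:  " + m.removeAndRefresh("deleg", "alice", "user"));
        try { m.assign("deleg", "alice", "admin"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        m.assign("root", "alice", "admin"); // administrator exception
        System.out.println("alice: " + m.rolesByUser.get("alice"));
    }
}
```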