[opencms-dev] Confirming sub Organizational Unit users/groups permissions bug
Fabian Huschka
fabian.huschka at componio.net
Fri Feb 15 13:09:56 CET 2008
Hello Micheal,
Michael Moossen schrieb:
> Hi Oli!
>
> No, this are not the same.
>
> your 'problem' has 2 parts:
> > This user can then see the parent unit and edit all those users.
> No, this should not be the case, and i can not reproduce it.
>
> > This user can also edit admin user and use the "switch user"
> > functionality in order to become the admin user and get access to all
> > areas or CMS.
> this works as designed or better said we have not really think about
> this. it is not decided yet if we will do something about this in 7.0.4.
>
We are very concerned with this "feature" as it enables the user to lock
out the admin by simply changing its password. In certain shared hosting
environments this is a nightmare.
> Kind regards,
> Michael
>
> -------------------
>
> Alkacon Software GmbH - The OpenCms Experts
> Michael Moossen
> An der Wachsfabrik 13
> 50996 Koeln, DE
>
> Besuchen Sie uns auf der CeBIT 2008
> Halle 5, Stand F59/3
>
> Tel: +49 (0)2236 3826-0
> Fax: +49 (0)2236 3826-20
> Email: m.moossen at alkacon.com
>
> http://www.alkacon.com
> http://www.opencms.org
>
>
>
More information about the opencms-dev
mailing list