[opencms-dev] User Role for Newsletter Module

Wed May 28 10:26:55 CEST 2008

Hi List,
did anything happen due to this mail from Christian Hellinger?
We are running into the same question...
regards
Konstantin Ott

Christian Hellinger schrieb:
> Hello,
>
> we are using the Newsletter Module 1.0.0 in an OpenCms 7.0.3 installation 
> on a WAS 6.1 Express
>
> It's described in the manual of the newsletter module, that the "Account 
> manager" role is required to sent newsletters.
>
> My question is: How can I prevent a "newsletter manager" from changing 
> i.e. the password of the "Admin" account (what would mean that this user 
> could lock me, the admin, out of the system)? It seems that an Account 
> Manager is able to manage all users below _and_ above his current OU! 
>
> So, even if I create an Admin account in an OU parallel to the OU used by 
> this user, he could create an account in the root unit and disable my 
> account with this new account.
>
> Was this behaviour described above intended? Is there a way of restricting 
> the access of the Account Manager? If not, it seems to me that this is a 
> possible security risk.
>
>
> Best regards
>
> Christian Hellinger
>
> PS: I also found, that I can't add roles to users in the newsletter ou 
> directly, btw.
>
> --------------------------------------
>
> DREGER INFORMATION TECHNOLOGY
>
> J&J DREGER Consulting GmbH & Co. KG
> Carl-Benz-Str. 35
> D - 60386 Frankfurt am Main, Germany
>
> Phone :    +49-69-90479-0
> Fax   :    +49-69-90479-479
>
> Email :    christian.hellinger at dreger.de
> WWW   :    http://www.dreger.de
>
> --------------------------------------
>
> Consulting & Solutions: http://www.d-business.de
> Mobile Solutions Competence Center: http://www.d-business.de/mscc
>
> Business Development: http://www.1j1.com
> --------------------------------------
> Sitz / Registergericht: Frankfurt am Main / Amtsgericht Frankfurt am Main
> Registernummer: HRA 42705
> Geschaeftsfuehrer: Jens Dreger, Joerg Dreger
> USt.ID: DE244892265
> --------------------------------------
> Komplementaer-GmbH: J&J DREGER Verwaltungs GmbH, Carl-Benz-Str. 35, 60386 Frankfurt am Main
> Sitz / Registergericht: Frankfurt am Main / Amtsgericht Frankfurt am Main
> Registernummer: HRB 73891
> Geschaeftsfuehrer: Jens Dreger, Joerg Dreger
> --------------------------------------
> Diese E-Mail inklusive aller Anhaenge koennte vertrauliche und/oder rechtlich geschuetzte Informationen 
> enthalten. Wenn Sie nicht der beabsichtigte Adressat sind, der diese E-Mail irrtuemlich erhalten hat, 
> informieren Sie bitte sofort den Absender und vernichten Sie alle Kopien dieser E-Mail von Ihrem System. 
> Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet.
>
> This e-mail and any attachment (both hereinafter called as e-mail)  may contain confidential and/or privileged 
> information. If you are not the intended recipient or have received this e-mail in error please notify the sender 
> immediately and destroy all copies of this e-mail from your system. Any unauthorised copying, disclosure or 
> distribution of the material in this e-mail is strictly forbidden.
>
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev
>
>   

-- 
Mit besten Grüssen / with best regards

Konstantin Ott
abc Neue Medien | Systementwickler
___________________________________________

Albert Bauer KG

Conventstr. 1-3

22089 Hamburg | Germany

Phone: +49 40 25109-224

Fax: +49 40 25109-121

mailto:kott at abc-digital.com 

http://www.abc-digital.com

____________________________________________

Albert Bauer KG (GmbH & Co.)
P.H.G. Reproduktionsgesellschaft Conventhaus mbH
Sitz der Gesellschaft: Hamburg
Handelsregister: Amtsgericht Hamburg HRB 11120
Geschäftsführer: Harald Dau, Carsten Dau, Rolf Gehrke, Marcus Müller