[opencms-dev] User Role for Newsletter Module

Schliemann, Kai K.Schliemann at comundus.com
Wed May 28 11:01:54 CEST 2008 

Hi Konstantin,
This issue has been discussed earlier on another topic.
The Bug "changing i.e. the password of the "Admin" account" is fixed in version 7.0.4

Regards

Kai 

-----Ursprüngliche Nachricht-----
Von: opencms-dev-bounces at opencms.org [mailto:opencms-dev-bounces at opencms.org] Im Auftrag von Konstantin Ott
Gesendet: Mittwoch, 28. Mai 2008 10:27
An: The OpenCms mailing list
Betreff: Re: [opencms-dev] User Role for Newsletter Module

Hi List,
did anything happen due to this mail from Christian Hellinger?
We are running into the same question...
regards
Konstantin Ott

Christian Hellinger schrieb:
> Hello,
>
> we are using the Newsletter Module 1.0.0 in an OpenCms 7.0.3 
> installation on a WAS 6.1 Express
>
> It's described in the manual of the newsletter module, that the 
> "Account manager" role is required to sent newsletters.
>
> My question is: How can I prevent a "newsletter manager" from changing 
> i.e. the password of the "Admin" account (what would mean that this 
> user could lock me, the admin, out of the system)? It seems that an 
> Account Manager is able to manage all users below _and_ above his current OU!
>
> So, even if I create an Admin account in an OU parallel to the OU used 
> by this user, he could create an account in the root unit and disable 
> my account with this new account.
>
> Was this behaviour described above intended? Is there a way of 
> restricting the access of the Account Manager? If not, it seems to me 
> that this is a possible security risk.
>
>
> Best regards
>
> Christian Hellinger
>
> PS: I also found, that I can't add roles to users in the newsletter ou 
> directly, btw.
>
> --------------------------------------
>
> DREGER INFORMATION TECHNOLOGY
>
> J&J DREGER Consulting GmbH & Co. KG
> Carl-Benz-Str. 35
> D - 60386 Frankfurt am Main, Germany
>
> Phone :    +49-69-90479-0
> Fax   :    +49-69-90479-479
>
> Email :    christian.hellinger at dreger.de
> WWW   :    http://www.dreger.de
>
> --------------------------------------
>
> Consulting & Solutions: http://www.d-business.de Mobile Solutions 
> Competence Center: http://www.d-business.de/mscc
>
> Business Development: http://www.1j1.com
> --------------------------------------
> Sitz / Registergericht: Frankfurt am Main / Amtsgericht Frankfurt am 
> Main
> Registernummer: HRA 42705
> Geschaeftsfuehrer: Jens Dreger, Joerg Dreger
> USt.ID: DE244892265
> --------------------------------------
> Komplementaer-GmbH: J&J DREGER Verwaltungs GmbH, Carl-Benz-Str. 35, 
> 60386 Frankfurt am Main Sitz / Registergericht: Frankfurt am Main / 
> Amtsgericht Frankfurt am Main
> Registernummer: HRB 73891
> Geschaeftsfuehrer: Jens Dreger, Joerg Dreger
> --------------------------------------
> Diese E-Mail inklusive aller Anhaenge koennte vertrauliche und/oder 
> rechtlich geschuetzte Informationen enthalten. Wenn Sie nicht der 
> beabsichtigte Adressat sind, der diese E-Mail irrtuemlich erhalten hat, informieren Sie bitte sofort den Absender und vernichten Sie alle Kopien dieser E-Mail von Ihrem System.
> Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet.
>
> This e-mail and any attachment (both hereinafter called as e-mail)  
> may contain confidential and/or privileged information. If you are not 
> the intended recipient or have received this e-mail in error please 
> notify the sender immediately and destroy all copies of this e-mail from your system. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
>
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list To change 
> your list options, or to unsubscribe from the list, please visit 
> http://lists.opencms.org/mailman/listinfo/opencms-dev
>
>   


--
Mit besten Grüssen / with best regards


Konstantin Ott
abc Neue Medien | Systementwickler
___________________________________________


Albert Bauer KG

Conventstr. 1-3

22089 Hamburg | Germany

Phone: +49 40 25109-224

Fax: +49 40 25109-121

mailto:kott at abc-digital.com 

http://www.abc-digital.com

____________________________________________

Albert Bauer KG (GmbH & Co.)
P.H.G. Reproduktionsgesellschaft Conventhaus mbH
Sitz der Gesellschaft: Hamburg
Handelsregister: Amtsgericht Hamburg HRB 11120
Geschäftsführer: Harald Dau, Carsten Dau, Rolf Gehrke, Marcus Müller


_______________________________________________
This mail is sent to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://lists.opencms.org/mailman/listinfo/opencms-dev

More information about the opencms-dev mailing list