User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030212 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030212 if one of my more restrictive options on editcomponents were available (see 1-3 of http://bugzilla.mozilla.org/show_bug.cgi?id=194684), then it would alsom make sense to restrict editusers such that a user with "addusers" set can - only add users, but not change their password once set nor disable them (then that would have to be escalated to the bugzilla admin) - only enable them for groups the editing user is a member of her-/himself Again, it appears that the edit* flag overrides security of groups, i.e. if I grant some the editusers privilege, they could add others/themselves to groups they weren't members before... Reproducible: Always Steps to Reproduce: 1. 2. 3.
confirming feature request. Thanks!
Reassigning bugs that I'm not actively working on to the default component owner in order to try to make some sanity out of my personal buglist. This doesn't mean the bug isn't being dealt with, just that I'm not the one doing it. If you are dealing with this bug, please assign it to yourself.
(In reply to comment #0) > - only enable them for groups the editing user is a member of her-/himself That's the job of users with bless privileges.