If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

provide a restrictive version of "editusers" perhaps "addusers"

NEW
Unassigned

Status

()

Bugzilla
Bugzilla-General
--
enhancement
15 years ago
11 years ago

People

(Reporter: Ralf Hauser, Unassigned)

Tracking

Details

(URL)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030212
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030212

if one of my more restrictive options on editcomponents were available (see 1-3
of http://bugzilla.mozilla.org/show_bug.cgi?id=194684), then it would alsom make
sense to restrict editusers such that a user with "addusers" set can
- only add users, but not change their password once set nor disable them (then
that would have to be escalated to the bugzilla admin)
- only enable them for groups the editing user is a member of her-/himself

Again, it appears that the edit* flag overrides security of groups, i.e. if I
grant some the editusers privilege, they could add others/themselves to groups
they weren't members before...

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
confirming feature request.

Thanks!
Status: UNCONFIRMED → NEW
Depends on: 189627
Ever confirmed: true
Reassigning bugs that I'm not actively working on to the default component owner
in order to try to make some sanity out of my personal buglist.  This doesn't
mean the bug isn't being dealt with, just that I'm not the one doing it.  If you
are dealing with this bug, please assign it to yourself.
Assignee: justdave → general
QA Contact: mattyt-bugzilla → default-qa

Comment 3

11 years ago
(In reply to comment #0)
> - only enable them for groups the editing user is a member of her-/himself

That's the job of users with bless privileges.

Updated

11 years ago
Depends on: 357695

Updated

11 years ago
No longer depends on: 357695
You need to log in before you can comment on or make changes to this bug.