User-Agent: Opera/6.11 (Linux 2.4.18-3 i686; U) [en] Build Identifier: First we faced this problem in BZ. ver. 2.12 and when we upgraded it to 2.16.3 it remains same. We are maintaining some product in same databsse and users can access bug based on group. Whenever we are creating new porduct/componenet we observes the following things. 1. Normal users has got some administrative rights (like products, attachement status, keywords, groups etc.). 2. Some of the bugs being hidden while its present on the DB. 3. Administrator has lost the power. If administrator going to correct users right then it does not affect. 4. Generally its happening on product creationing users Reproducible: Always Steps to Reproduce: 1. 2. 3. Actual Results: It changss the Normal user rights. Expected Results: On creating new product/componenet the user sould have normal rights and maintainer should have admin rights. We have buggroup option ON in the configuration.
This is fixed in 2.16.1 and up. If the products in question already had their rights "broken" prior to upgrading, upgrading won't fix it. The upgrade only fixes the additional creation of new product groups. Each affected product will need to have its group manually deleted via SQL and then recreated from editgroups.cgi to repair it. User rights related to said product(s) will then need to be audited from editusers.cgi. Anyone who was granted access to the broken products probably has their permissions all messed up. *** This bug has been marked as a duplicate of 167485 ***