If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Normal user got admin permissions

RESOLVED DUPLICATE of bug 167485

Status

()

Bugzilla
User Interface
RESOLVED DUPLICATE of bug 167485
15 years ago
5 years ago

People

(Reporter: Naveen Joshi, Assigned: myk)

Tracking

Details

(Reporter)

Description

15 years ago
User-Agent:       Opera/6.11 (Linux 2.4.18-3 i686; U)  [en]
Build Identifier: 

First we faced this problem in BZ. ver. 2.12 and when we upgraded it to 2.16.3 it remains same. We are maintaining some product in same databsse and users can access bug based on group. Whenever we are creating new porduct/componenet we observes the following things.
1. Normal users has got some administrative rights (like products, attachement status, keywords, groups etc.).
2. Some of the bugs being hidden while its present on the DB.
3. Administrator has lost the power. If administrator going to correct users right then it does not affect.
4. Generally its happening on product creationing users


Reproducible: Always

Steps to Reproduce:

1.
2.
3.

Actual Results:  
It changss the Normal user rights.

Expected Results:  
On creating new product/componenet the user sould have normal rights and maintainer should have admin rights.

We have buggroup option ON in the configuration.
This is fixed in 2.16.1 and up.  If the products in question already had their
rights "broken" prior to upgrading, upgrading won't fix it.  The upgrade only
fixes the additional creation of new product groups.  Each affected product will
need to have its group manually deleted via SQL and then recreated from
editgroups.cgi to repair it.  User rights related to said product(s) will then
need to be audited from editusers.cgi.  Anyone who was granted access to the
broken products probably has their permissions all messed up.

*** This bug has been marked as a duplicate of 167485 ***
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.