User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; ru; rv:22.214.171.124) Gecko/20100914 Firefox/3.6.10 GTB7.1 Build Identifier: 3.6.2 All users can change any preferences of any bugs (Assigne, Product, Component, CC List, etc) even if he is not reporter or QA contact. Reproducible: Always
This means your users have editbugs privs, which is exactly what these privileges are for. If you don't want to let them edit all bugs, remove these privilieges.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INVALID
Version: unspecified → 3.6.2
Yes, I know this. I've already deleted editbugs privilege from TESTUSER. There are no access points checked in the "Administration -> Users" tab on editusers.cgi page, but in the "Preferences -> Permissions" tab on page /userprefs.cgi?tab=permissions I see the following text: "You have the following permission bits set on your account: editbugs Can edit all aspects of any bug" The only solution I found is a manually deletion permission string in mySQL database. For example, in the 'user_group_map' table I delete this string: user_id group_id isbless grant_type 77 6 0 2 Now user 77 (TESTUSER) can`t edit any strangers bugs and in a "Preferences -> Permissions" of this user "editbugs" rules is not displayed. I do not understand what the problem.
Probably all users have editbugs privs because the editbugs group has .* as regular expression. Go check that at editgroups.cgi.
You need to log in before you can comment on or make changes to this bug.