[
https://issues.apache.org/jira/browse/CLOUDSTACK-648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13533711#comment-13533711
]
gavin lee commented on CLOUDSTACK-648:
--------------------------------------
Hi, Isaac
I think the discussion is beyond the scope of this case.
I originally thought every user inside CloudStack could change their own login
password in account entry.
For the domain entry, both change password or edit other changable items may
need further discussion.
Though they called same api: updateUserCmd for all operations, they have
different UI entry; If there are security concerns, change password may need
add another api rather than using updateUserCmd.
Thanks.
> The normal users could change their own login password
> ------------------------------------------------------
>
> Key: CLOUDSTACK-648
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-648
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Affects Versions: 4.1.0
> Environment: DevCloud2 and others
> Reporter: gavin lee
> Priority: Minor
> Labels: changes, password, user
> Fix For: 4.1.0
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> After created normal users by administrator, using the normal users login
> should let them change their own password.
> The easiest way to change this is enable it on the UI by changing
> scripts/accounts.js and changing access level for api: updateUser in file
> commands.properties.
> If there are concerns of security, new api may be introduced.
> please comment.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
