shwstppr commented on PR #9173: URL: https://github.com/apache/cloudstack/pull/9173#issuecomment-2165011801
> > I would expect a Domain Admin to promote a user up to their own level. > I feel this shouldn't be allowed. It should be done by account with higher privileges, ROOT admin here. We can change if others agree on the same. > > well, that mean they can make other users read only. I am not sure if this is desired. No, they won't be able to. Check is based on the RoleType (https://github.com/apache/cloudstack/blob/4.19/api/src/main/java/org/apache/cloudstack/acl/RoleType.java#L30-L34). So, they won't be able to do anything even if API allows unless we add a new RoleType in the code. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
