[
https://issues.apache.org/jira/browse/JS2-1100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ate Douma resolved JS2-1100.
----------------------------
Resolution: Fixed
> DeveloperBrowser-type portlets for delegated admin can be used to assign
> global admin role
> ------------------------------------------------------------------------------------------
>
> Key: JS2-1100
> URL: https://issues.apache.org/jira/browse/JS2-1100
> Project: Jetspeed 2
> Issue Type: Bug
> Components: Admin Portlets
> Affects Versions: 2.2.0, 2.2.1
> Reporter: Paul Anderson
> Assignee: Ate Douma
> Labels: delegated, portlet, security
> Fix For: 2.2.2
>
>
> There is no way for a deployer to configure preset lists (or combinations) of
> allowed roles etc that a delegated administrator can assign to filtered
> users, or to filter out certain roles from the list of options available.
> (Also no way to set required attributes like language, which would be useful
> too).
> So a delegated admin can give users full global admin privileges. This makes
> the portlet unsuitable for production use.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org
