[
https://issues.apache.org/jira/browse/JS2-915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ate Douma reopened JS2-915:
---------------------------
While the admin role, and related, associations as well as the admin user now
are protected against non-admin users, protecting the admin role itself still
isn't.
E.g. a non-admin user (like manager) could still delete the admin role or
modify its attributes.
Reopening to fix and add this additional restriction as well
> Provide admin roles security restriction on admin roles maintenance
> -------------------------------------------------------------------
>
> Key: JS2-915
> URL: https://issues.apache.org/jira/browse/JS2-915
> Project: Jetspeed 2
> Issue Type: New Feature
> Components: Security
> Affects Versions: 2.1.3, 2.2.0
> Reporter: Ate Douma
> Assignee: Ate Douma
> Priority: Minor
> Fix For: 2.2.2
>
>
> Some organization allow maintenance of user/role/group configuration and
> assignments by non-administration personnel.
> To protect accidentally locking out "admin" users, configuring a restriction
> on modifying one or multiple "admin" roles, and users/groups being assigned
> such roles, to only users having at least one of such roles should be
> possible.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org
