Hi! When I want to have someone as admin for user accounts, I understand that I should add a role with the connected action cfgwebaccess. I could then either bind individuals to that role or use firerules for it.
This works. However, what I'm effectively doing if I give webaccess rights to someone is that I promote her to superadmin, simply because she could go to https://juser.fz-juelich.de/admin/webaccess/webaccessadmin.py/manageaccounts?mtype=perform_modifyaccounts#4 and here she is allowed to become /any/ user. Even a user with /more/ rights than she actually had herself. I.e. every user that has cfgwebaccess can effectively su - root.

I wonder whether this is really intended... Looks like a backdoor.

What I'd like to enable is a su to users with less or equal rights, e.g. for our helpdesk. This would allow them to check contents of some baskets or see some workflowish stuff exactly as the enduser does. But even though I really trust our helpdesk I'd like to avoid them having a bunch of admin options that only cause confusion. This might happen by sheer chance as usernames are e-mail addresses and I just count what mails I get due to (near and exact) name dupes...

--
Kind regards,
Alexander Wagner
Subject Specialist
Central Library
52425 Juelich
mail : [email protected]
phone: +49 2461 61-1586
Fax : +49 2461 61-6103
www.fz-juelich.de/zb/DE/zb-fi
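
The "su only to users with less or equal rights" rule requested in the message above, sketched as an added example that is not part of the original post and not Invenio code. The role table, the `impersonate` action, the sample accounts and all function names are assumptions; only `cfgwebaccess` comes from the post.

```python
# Added illustration; the names below are hypothetical, not Invenio's webaccess API.
from dataclasses import dataclass

# Constructed role -> action table. Only "cfgwebaccess" comes from the post.
ROLE_ACTIONS = {
    "superadmin": frozenset({"cfgwebaccess", "impersonate", "edit_records", "view_baskets"}),
    "accountadmin": frozenset({"cfgwebaccess", "view_baskets"}),
    "helpdesk": frozenset({"impersonate", "view_baskets"}),
    "enduser": frozenset({"view_baskets"}),
}

@dataclass(frozen=True)
class Account:
    email: str
    roles: frozenset

def actions_of(account):
    """Union of actions over all roles; raises KeyError on an unknown role."""
    actions = set()
    for role in account.roles:
        actions |= ROLE_ACTIONS[role]
    return frozenset(actions)

def may_become_unbounded(actor, target):
    """Behaviour described in the post: cfgwebaccess alone lets actor become anyone."""
    return "cfgwebaccess" in actions_of(actor)

def may_become_bounded(actor, target):
    """Requested behaviour: only targets with less or equal rights."""
    try:
        actor_actions, target_actions = actions_of(actor), actions_of(target)
    except KeyError:
        return False  # unknown role: rights cannot be compared, so deny
    if not actor_actions & {"impersonate", "cfgwebaccess"}:
        return False  # actor holds no right to switch identity at all
    return target_actions <= actor_actions  # target must hold nothing the actor lacks

# Constructed sample accounts.
ROOT = Account("root@example.org", frozenset({"superadmin"}))
ACCT_ADMIN = Account("acctadmin@example.org", frozenset({"accountadmin"}))
HELPDESK = Account("helpdesk@example.org", frozenset({"helpdesk"}))
USER = Account("user@example.org", frozenset({"enduser"}))

if __name__ == "__main__":
    for actor, target in [(ACCT_ADMIN, ROOT), (HELPDESK, USER), (HELPDESK, ACCT_ADMIN)]:
        print(actor.email, "->", target.email,
              "unbounded:", may_become_unbounded(actor, target),
              "bounded:", may_become_bounded(actor, target))
```

In this model the helpdesk role carries a separate switch-identity action instead of `cfgwebaccess`, so it can view an end user's session without gaining the account-administration screens.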
