[ https://issues.apache.org/jira/browse/COUCHDB-1374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marcos Zanona closed COUCHDB-1374. ---------------------------------- Resolution: Later > Server Admin never gets deleted > ------------------------------- > > Key: COUCHDB-1374 > URL: https://issues.apache.org/jira/browse/COUCHDB-1374 > Project: CouchDB > Issue Type: Bug > Components: Futon, Infrastructure > Affects Versions: 1.1.1 > Reporter: Marcos Zanona > Labels: admin, login, security, validation > Fix For: 1.2, 1.3, 1.1.2 > > > It seems that when creating a Server Admin and then deleting that same user > with another admin makes the first user stay active, resulting in a no > deletion and doesn't block the access to the old admin access. > It becomes marked as {"error":"not_found","reason":"deleted"} but still > having access to the whole system as an admin. > Also, Futon let's you create another simple user with the same name as the > deleted server admin without any problem, resulting on a password change for > the old server admin, but that user will stay as a server admin even if that > wasn't the original intention. > * I have experienced this creating these users through Futon by using the > "Setup more admins" popup -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira