Users without the ASSIGN_MEMBER permission can still assign users to an organization

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 6.0.6 GA, 6.0.12 EE, 6.1.0 CE GA1, 6.1.10 EE GA1
Fix Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2, 6.2.0 CE M2
Component/s: API, API > Portal Service, Security
Labels:
None

Similar Issues:

Show 4 results

Description

Users without the ASSIGN_MEMBER permission can still assign users to an organization by using the JSON service. This may lead to increased entitlements for that user.

Activity

Hide

Permalink

Samuel Kong added a comment - 24/Apr/12 7:27 AM

The code for this ticket was committed under LPS-26887.

Show

Samuel Kong added a comment - 24/Apr/12 7:27 AM The code for this ticket was committed under LPS-26887.

People

Assignee:

Samuel Kong

Reporter:

Samuel Kong

Participants of an Issue:

Samuel Kong

Vote (0)

Watch (1)

Dates

Created:

24/Apr/12 7:24 AM

Updated:

08/Feb/13 4:34 PM

Resolved:

25/Apr/12 12:28 AM

Days since last comment:

1 year, 3 weeks, 5 days ago

Agile

View on Board

~~LPS-27512~~	An admin with view permission on all users can still not see all users when assign members
LPS-28040	Granting role permissions to allow user rights to assign members to organizations without being a member
~~LPS-19660~~	Assigning members in organizations breaks the permissions once new user tries to assigns another user
LPS-20951	Deactivate button presented in Role->Assign Members regardless of user capabilities