Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-11356 An Organization Administrator can alter a user's roles without permission
  3. LPE-11358

If user assigned an organization role, one user with the "Org. Administrator" role can promote/demote user A's permission by changing the values of two attributes to the desired ones in the "User Information > Roles" page. - platform

    Details

    • Type: Fix Pack Patch
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.1.X EE
    • Component/s: Application Security
    • Labels:
      None

      Attachments

        Activity

          People

          • Assignee:
            juan.gonzalez Juan Gonzalez (Inactive)
            Reporter:
            juan.gonzalez Juan Gonzalez (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Due:
              Created:
              Updated:
              Resolved:

              Packages

              Version Package
              6.1.X EE