Modifying teams and roles enforces all permissions and scoping in elevation checks #5537

Closed
NickJosevski opened this issue May 3, 2019 · 2 comments

Comments

@NickJosevski

commented May 3, 2019

The feature

Stronger permissions elevation prevention measures.

What it actually enables people to do

You can now grant TeamCreate/Edit and UserRoleCreate/Edit to a broader set of users knowing they cannot elevate their own or other users' permissions.

What pain relievers or gain generators are we solving for people?

Previously we treated the combination of TeamCreate/Edit and UserRoleCreate/Edit as sufficient privilege, and the elevation checks were only about preventing the granting of top-level permissions like AdministerSystem and ConfigureServer.

What does it look like

image

Links

@NickJosevski NickJosevski added this to the 2019.5.0 milestone May 3, 2019
@NickJosevski NickJosevski self-assigned this May 3, 2019
@NickJosevski NickJosevski changed the title from "Modifying team and role access enforces" to "Modifying teams and roles enforces all permissions and scoping in elevation checks" May 3, 2019
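
The difference between the two checks described in the issue, as an added example that is not part of the original thread and is not Octopus Deploy's implementation. The `Grant` model (a permission plus an optional set of project ids, with `None` meaning unscoped), the function names, the permission names other than those in the issue, and the project ids are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Top-level permissions named in the issue; the earlier check guarded only these.
TOP_LEVEL = frozenset({"AdministerSystem", "ConfigureServer"})

@dataclass(frozen=True)
class Grant:
    permission: str
    # Assumed scope model: None = unscoped (everywhere), else a set of project ids.
    scope: Optional[FrozenSet[str]] = None

def legacy_check(actor: List[Grant], requested: List[Grant]) -> List[Grant]:
    """Modelled old behaviour: reject only top-level permissions the actor lacks."""
    held = {g.permission for g in actor}
    return [g for g in requested
            if g.permission in TOP_LEVEL and g.permission not in held]

def strict_check(actor: List[Grant], requested: List[Grant]) -> List[Grant]:
    """Return the part of each requested grant that exceeds the actor's own access."""
    excess = []
    for want in requested:
        scopes = [g.scope for g in actor if g.permission == want.permission]
        if any(s is None for s in scopes):
            continue                      # actor holds it unscoped: always covered
        if not scopes or want.scope is None:
            excess.append(want)           # not held at all, or scoped -> unscoped
            continue
        # The same permission held through several teams: scopes add up.
        missing = want.scope - frozenset().union(*scopes)
        if missing:
            excess.append(Grant(want.permission, missing))
    return excess

# Constructed sample data (illustrative names and ids, see lead-in).
ACTOR = [
    Grant("TeamEdit"), Grant("UserRoleEdit"),
    Grant("ProjectView", frozenset({"Projects-1"})),
    Grant("ProjectView", frozenset({"Projects-2"})),
]
REQUESTED = [
    Grant("ProjectView", frozenset({"Projects-1", "Projects-2"})),  # covered
    Grant("ProjectView"),                                           # widens scope
    Grant("ProjectDelete", frozenset({"Projects-1"})),              # not held
    Grant("AdministerSystem"),                                      # top-level
]

if __name__ == "__main__":
    print("legacy rejects:", legacy_check(ACTOR, REQUESTED))
    print("strict rejects:", strict_check(ACTOR, REQUESTED))
```

With the constructed data, the legacy model rejects only the `AdministerSystem` grant, while the strict model also rejects the unscoped `ProjectView` and the `ProjectDelete` grant the actor does not hold.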
@octoreleasebot


commented May 3, 2019

Release Note: Modifying teams and roles enforces all permissions and scoping in elevation checks

@lock


commented Aug 1, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 1, 2019