Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A tenant admin can create a user with role EvmRole-super_administrator #135

Closed
evertmulder opened this issue Jan 11, 2017 · 2 comments · Fixed by ManageIQ/manageiq#13689 or #271
Closed

A tenant admin can create a user with role EvmRole-super_administrator #135

evertmulder opened this issue Jan 11, 2017 · 2 comments · Fixed by ManageIQ/manageiq#13689 or #271
Assignees
@martinpovolny

Comments

@evertmulder
Copy link
Contributor

evertmulder commented Jan 11, 2017
edited
Loading

#A tenant admin (role EvmRole-tenant_administrator, member of a none root tenant) can create a group for the tenant with the role EvmRole-super_administrator and a user in this group.

This user suddenly gain system level privileges that are way beond the scope of a none root tenant member, for example changing schedules or disable a entire appliance.
su

Btw. This is also possible using the API.
@evertmulder evertmulder mentioned this issue Jan 11, 2017
Closed
@martinpovolny martinpovolny self-assigned this Jan 12, 2017
@lpichler
Copy link
Contributor

@miq-bot assign @lpichler

@miq-bot
Copy link
Member

miq-bot commented Jan 27, 2017

@lpichler @lpichler is an invalid assignee, ignoring...

@evertmulder evertmulder changed the title A tenant admin can create a user with role EvmRole-tenant_administrator A tenant admin can create a user with role EvmRole-super_administrator Jan 27, 2017
This was referenced Jan 30, 2017
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@martinpovolny martinpovolny

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@martinpovolny @evertmulder @miq-bot @lpichler