View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007466 | mantisbt | security | public | 2006-09-23 02:29 | 2007-05-08 03:43 |
| Reporter | vboctor | Assigned To | vboctor | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.0.5 | ||||
| Fixed in Version | 1.0.6 | ||||
| Summary | 0007466: Port: 6719: Manager of a project can assign the Administrator role to a user. | ||||
| Description | A manager should not be able to assign a role higher than manager to a user on any of his projects. When a user is assigned the Administrator role on a project, he can delete and create users, he can delete and create custom fields, he can change the system configuration. This is a major flaw in the security of MANTIS. The simpler way to fix this is to remove the ability to pick administrator as a role from a manager. | ||||
| Tags | No tags attached. | ||||
