View Issue Details
Field | Value |
---|---|
ID | 0007466 |
Project | mantisbt |
Category | security |
View Status | public |
Date Submitted | 2006-09-23 02:29 |
Last Update | 2007-05-08 03:43 |
Reporter | vboctor |
Assigned To | vboctor |
Priority | normal |
Severity | major |
Reproducibility | always |
Status | closed |
Resolution | fixed |
Product Version | 1.0.5 |
Fixed in Version | 1.0.6 |
Summary | 0007466: Port: 6719: Manager of a project can assign the Administrator role to a user. |
Description | A manager should not be able to assign a role higher than manager to a user on any of his projects. When a user is assigned the Administrator role on a project, he can delete and create users, he can delete and create custom fields, he can change the system configuration. This is a major flaw in the security of MANTIS. The simpler way to fix this is to remove the ability to pick administrator as a role from a manager. |
Tags | No tags attached. |
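
The rule in the description, written as an added PHP example rather than MantisBT's own code or the 1.0.6 fix: the role picker is filtered to the actor's level, and the submitted value is checked again on the server, since removing the option from the form does not stop a forged request. The function names are hypothetical, the numeric levels are assumed to match MantisBT's default access-level thresholds, and the check on the target's current level goes one step beyond what the report asks for.

```php
<?php
// Added example, not MantisBT source. Function names are hypothetical.
// Access levels as ordered integers (higher = more privilege).
const ACCESS_LEVELS = [
    'viewer' => 10, 'reporter' => 25, 'updater' => 40,
    'developer' => 55, 'manager' => 70, 'administrator' => 90,
];

// Levels the actor may be offered in the role picker: nothing above their own.
function assignable_levels(int $actorLevel): array {
    return array_filter(ACCESS_LEVELS, fn(int $lvl): bool => $lvl <= $actorLevel);
}

// Server-side check run when the form is submitted. Hiding the option in
// the picker is not enough, because the posted value is user-controlled.
function can_assign_level(int $actorLevel, int $targetCurrentLevel, $requested): bool {
    if (is_string($requested) && ctype_digit($requested)) {
        $requested = (int)$requested;       // form fields arrive as strings
    }
    if (!is_int($requested)) {
        return false;                       // reject non-numeric input
    }
    if (!in_array($requested, ACCESS_LEVELS, true)) {
        return false;                       // not a defined level
    }
    if ($requested > $actorLevel) {
        return false;                       // would grant more than the actor holds
    }
    // Also refuse to modify a user who already outranks the actor.
    return $targetCurrentLevel <= $actorLevel;
}

// Constructed cases: a manager (70) changing a reporter (25) on a project.
$manager = ACCESS_LEVELS['manager'];
echo 'picker: ', implode(', ', array_keys(assignable_levels($manager))), "\n";
$cases = [
    'developer'                   => ['55', true],
    'manager'                     => ['70', true],
    'administrator (forged POST)' => ['90', false],
    'undefined level'             => ['80', false],
    'non-numeric'                 => ['90 OR 1', false],
];
foreach ($cases as $label => [$posted, $expected]) {
    $got = can_assign_level($manager, ACCESS_LEVELS['reporter'], $posted);
    printf("%-28s %s\n", $label, $got === $expected ? 'ok' : 'UNEXPECTED');
}
```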