Red Hat Bugzilla – Bug 114879
'Edit Item' privilege allows 'Delete Item'
Last modified: 2007-04-18 13:02:29 EDT
Description of problem:
Granting a user the 'Edit Item' privilege allows the user to delete
1) Create a new CMS User, add them to a role w/o 'Edit Item' or
2) Create an item.
3) The user can't delete it; no delete link appears.
4) Grant 'Edit Item' to the user.
5) The user now sees a 'Delete' link next to the items, and can
successfully delete them.
From talking with Scott, it isn't 100% clear that this is a bug; this
may be allowed by implied permissions, but possibly the permissions
are too large.
Dan, could you & Scott & whomever hash this out? If it isn't a bug, we
need to assign a documentation task to kwade or charjt.
I vote for not a bug, because there is such a fine line between delete
& edit - someone with edit privilege can just as easily delete all the