Red Hat Bugzilla – Bug 506661
I have access rights I should not have.
Last modified: 2013-06-24 00:07:30 EDT
Description of problem:
I have an Administration tab under my account and I can administrate products:
Red Hat Enterprise IPA
I do not know anything about these projects and I'm sure I do not need or should have rights for administrating these projects.
I can access:
https://bugzilla.redhat.com/editproducts.cgi?action=edit&product=Red Hat Enterprise IPA&classification=Red Hat
I have investigated this issue, and the reason you can see those 2 products is that those products have the group 'rhds' associated with them and that group has editcomponents checked on it, which means that
'Any group having editcomponents selected allows users who are in this group to edit all aspects of this product, including components, milestones and versions.'
You are a member of the rhds group; that is why you can edit those 2 products. The question is:
do those products need to have editcomponents checked for the rhds group? I am not really sure who applied this kind of permission to the above products. Do you have any idea, Dave?
Noura, I have no problem with removing the editcomps privs from those products and then seeing who complains, if anyone.
What needs to be done is that, for different products that need someone other than a normal Bugzilla admin to maintain them, we create a special admin group such as 'rhds_admin' and then grant that group editcomponents rights. Then we can keep the normal bug users separate from the ones who can maintain the product.
Of course then we add even more groups but it would solve this in the meantime.
I have removed the editcomponents from the rhds group for the above 2 products, as it is giving a wide range of users access to those products and they are not supposed to have it. So we will see if anyone complains; then, as you said, we can create the rhds_admin group, add them to it and give it the editcomponents check.
Thanks for reporting the issue, Miroslav.
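The check discussed in this thread, as an added example that is not part of the original bug report or of Bugzilla itself: it lists every user who gains product-edit rights through a group with editcomponents set and is not an approved maintainer, before and after the proposed 'rhds_admin' split. The two-table schema, the user names and the allowlist are assumptions constructed for illustration, not Bugzilla's actual database layout.

```python
import sqlite3

# Simplified, hypothetical schema: which group grants editcomponents on which
# product, and who belongs to each group. All rows are constructed samples.
SCHEMA = """
CREATE TABLE membership(user TEXT, grp TEXT);
CREATE TABLE product_group(product TEXT, grp TEXT, editcomponents INTEGER);
"""

# Effective product-edit rights: every member of a group that has
# editcomponents set on a product can administer that product.
AUDIT = """
SELECT pg.product, pg.grp, m.user
FROM product_group pg JOIN membership m ON m.grp = pg.grp
WHERE pg.editcomponents = 1
ORDER BY pg.product, m.user
"""

def build(product_groups, memberships):
    """Load constructed sample rows into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO product_group VALUES (?,?,?)", product_groups)
    conn.executemany("INSERT INTO membership VALUES (?,?)", memberships)
    return conn

def unexpected_editors(conn, approved):
    """Return (product, group, user) rows where the user can edit the product
    through group membership but is not an approved maintainer of it."""
    return [(p, g, u) for p, g, u in conn.execute(AUDIT)
            if u not in approved.get(p, set())]

PRODUCT = "Red Hat Enterprise IPA"
APPROVED = {PRODUCT: {"maintainer1"}}  # constructed allowlist
MEMBERS = [("reporter1", "rhds"), ("reporter2", "rhds"), ("maintainer1", "rhds")]

# Before: the general 'rhds' group carries editcomponents on the product.
before = build([(PRODUCT, "rhds", 1)], MEMBERS)

# After: 'rhds' loses the flag; a dedicated 'rhds_admin' group holds it.
after = build([(PRODUCT, "rhds", 0), (PRODUCT, "rhds_admin", 1)],
              MEMBERS + [("maintainer1", "rhds_admin")])

if __name__ == "__main__":
    for label, conn in (("before", before), ("after", after)):
        print(label, unexpected_editors(conn, APPROVED))
```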