Bug 506661 - I have access rights I should not have.
Status: CLOSED CURRENTRELEASE
Product: Bugzilla
Classification: Community
Component: User Accounts
Version: 3.2
Hardware: All Linux
Priority: low Severity: medium
Assigned To: Noura El hawary
Reported: 2009-06-18 04:21 EDT by Miroslav Suchý
Modified: 2013-06-24 00:07 EDT
Doc Type: Bug Fix
Last Closed: 2009-06-19 08:10:54 EDT
Description Miroslav Suchý 2009-06-18 04:21:18 EDT
Description of problem:
I have Administration tab under my account and I can administrate products:
  Red Hat Enterprise IPA
  Free IPA
I do not know anything about these projects and I'm sure I do not need or should have rights for administrating these projects.

Additional info:
I can access:
https://bugzilla.redhat.com/editproducts.cgi?action=edit&product=Red Hat Enterprise IPA&classification=Red Hat
https://bugzilla.redhat.com/editproducts.cgi?action=edit&product=freeIPA&classification=Other
Comment 1 Noura El hawary 2009-06-18 07:18:57 EDT
I have investigated this issue, and the reason you can see those 2 products is that those products have the group 'rhds' associated with them, and that group has editcomponents checked on it, which means that

'Any group having editcomponents selected allows users who are in this group to edit all aspects of this product, including components, milestones and versions.'

and you are a member of the rhds group, which is why you can edit those 2 products. The question is:

Do those products need to have editcomponents checked for the rhds group? I am not really sure who applied this kind of permission to the above products. Do you have any idea, Dave?

Noura
Comment 2 David Lawrence 2009-06-18 12:44:57 EDT
Noura, I have no problem with removing the editcomps privs from those products and then see who complains if anyone.

What needs to be done is for different products that need someone other than a normal Bugzilla admin to maintain, we create a special admin group such as 'rhds_admin' and then grant that group editcomponents rights. Then we can keep the normal bug users separate from the ones who can maintain the product.

Of course then we add even more groups but it would solve this in the meantime.

Dave
Comment 3 Noura El hawary 2009-06-19 08:10:54 EDT
Hi Dave,

I have removed the editcomponents from the rhds group for the above 2 products, as it is giving a wide range of users access to those products and they are not supposed to have it, so we will see if anyone complains; then, as you said, we can create the rhds_admin group and add them to it and give it the editcomponents check.

Thanks for reporting the issue Miroslav.

Noura
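
An audit for the condition discussed in this bug, as an added example (not part of the bug report and not Bugzilla's own code): it lists groups that hold editcomponents on a product together with how many users inherit it, then applies the 'rhds_admin' split proposed in comment 2. The reduced schema, user ids, member counts and size threshold are assumptions constructed for illustration.

```python
import sqlite3

# Reduced schema modelled on Bugzilla's group tables (assumed column set).
SCHEMA = """
CREATE TABLE groups (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE user_group_map (user_id INTEGER, group_id INTEGER);
CREATE TABLE group_control_map (group_id INTEGER, product_id INTEGER,
                                editcomponents INTEGER DEFAULT 0);
"""
# Groups holding editcomponents on a product, and how many users inherit it.
AUDIT = """
SELECT p.name, g.name, COUNT(DISTINCT m.user_id)
FROM group_control_map c
JOIN groups g ON g.id = c.group_id
JOIN products p ON p.id = c.product_id
LEFT JOIN user_group_map m ON m.group_id = g.id
WHERE c.editcomponents = 1
GROUP BY p.name, g.name
HAVING COUNT(DISTINCT m.user_id) > ?
ORDER BY p.name, g.name
"""

def make_db():
    """Constructed sample data: 'rhds' has 4 members, 'rhds_admin' has 1."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO groups VALUES (?, ?)", [(1, "rhds"), (2, "rhds_admin")])
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "Red Hat Enterprise IPA"), (2, "freeIPA")])
    db.executemany("INSERT INTO user_group_map VALUES (?, ?)",
                   [(101, 1), (102, 1), (103, 1), (104, 1), (104, 2)])
    db.executemany("INSERT INTO group_control_map VALUES (?, ?, 1)", [(1, 1), (1, 2)])
    return db

def audit(db, max_members):
    """Return (product, group, member_count) rows for groups above max_members."""
    return db.execute(AUDIT, (max_members,)).fetchall()

def move_to_admin_group(db, broad, admin):
    """Clear editcomponents on the broad group and grant it to the admin group."""
    ids = {name: gid for gid, name in db.execute("SELECT id, name FROM groups")}
    prods = [r[0] for r in db.execute(
        "SELECT product_id FROM group_control_map "
        "WHERE group_id = ? AND editcomponents = 1", (ids[broad],))]
    db.execute("UPDATE group_control_map SET editcomponents = 0 WHERE group_id = ?",
               (ids[broad],))
    db.executemany("INSERT INTO group_control_map VALUES (?, ?, 1)",
                   [(ids[admin], p) for p in prods])
```

With the sample data, `audit(db, 2)` flags 'rhds' on both products before the change and returns nothing after `move_to_admin_group(db, "rhds", "rhds_admin")`.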
