Bug 743576 - Non admin user should not be able to change the field login enabled to 'No'
Summary: Non admin user should not be able to change the field login enabled to 'No'
Keywords:
Status: ON_DEV
Alias: None
Product: RHQ Project
Classification: Other
Component: Core UI
Version: 4.1
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-10-05 12:19 UTC by Venkat
Modified: 2022-03-31 04:27 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments
Serverlog (10.94 KB, text/plain)
2011-10-05 12:19 UTC, Venkat

Description Venkat 2011-10-05 12:19:49 UTC
Created attachment 526481
Serverlog

Description of problem:
Non admin user should not be able to change the field login enabled to 'No'

Version-Release number of selected component (if applicable):
RHQ
Version: 4.1.0-SNAPSHOT
Build Number: 092d688

GWT Version: 2.0.4
SmartGWT Version: 2.4


How reproducible:
Every time


Steps to Reproduce:
1. Create an LDAP group (e.g. sunilgroupad)
2. Create an LDAP user (suniltestad)
3. Add the LDAP user to the LDAP group
4. Log in to RHQ as rhqadmin
5. Create a role with all global and resource permissions (Manage Security)
6. Log out and log in to RHQ as the LDAP user (suniltestad)
7. Navigate to Administration tab --> Users --> user link
8. Select the "No" radio button for the Login enabled field
9. Log in with the same LDAP user.
10. It won't allow the user to log in, as we changed it to No.
11. But some authentication error message is seen in the server log

Please find the log attached.
  
Actual results:
[org.rhq.enterprise.gui.authentication.AuthenticateUserAction] Could not log into the web application

Expected results:
There should be no exception.

Additional info:
At present the LDAP user cannot delete himself, nor can he change his password. In the same way, the LDAP user should not be able to change login enabled to 'No'.

Comment 1 Mike Foley 2011-10-05 14:19:23 UTC
Role has Manage Security ... which gives you full access to set all permissions, including enabling and disabling login. User can correctly log in, and receives an error message saying he cannot log in. The exception when someone not authenticated cannot log in ... seems OK. Consider changing to debug message...

