Deleting the last admin should not be possible #3713
Comments
I don't think we can use the same solution here. As far as I know, we can't list who is admin. We can get all the roles and we can get the roles for a specific user, but we'll have to check each user one by one if we want to know who is admin. A simpler alternative could be to prevent deleting yourself, so another admin would need to do that for you, which ensures there is an additional admin. It also ensures that the new admin can manage the system (he can access with his account and perform admin operations), which is something that might not happen if you remove yourself (the new admin might lose his password). Unless we have a use case where an admin needs to remove himself from the system, I think it's better to prevent that action in all circumstances.
@micbar, this sounds like PM needs to make a decision. Should an admin be able to delete himself or should another admin do that? I like @jvillafanez's proposal for the benefits he already stated.
Yes, I like it too.
Good proposal. Fine from my POV.
The issue spans a bit further: for role assignments we'd also need to make sure that the last admin can't get a role downgrade unless another user gets the admin role assigned. Opinions? |
Wouldn't it be sufficient to just block editing your own roles?
I'd vote for blocking the editing too. I don't know if it will be possible to have an intermediate role just to manage the accounts (not admin, but maybe accountManager), but in that case it might also be possible to increase your own permissions. It will also be more difficult to handle these cases. By blocking the editing of your own role, this case is prevented. You also depend on another person to approve your role change because he'll be the one changing your role.
There must always be at least one "admin" account. Downgrading an admin to another role (if another admin exists) should have a security question, IMO. Keep in mind that roles will be configurable in the future. Actually we'd need to define the set of permissions that at least one user must have. |
Learning from refinement: disable both (edit own role, delete own account).
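To make the two rules agreed on above concrete, here is an added example (not oCIS code; the `Directory`, role names and error values are constructed for illustration). It blocks a user from editing or deleting their own account or role assignment, and additionally keeps the "at least one admin must remain" safety net for the case raised in the thread where a lower-privileged account-manager role could otherwise remove or downgrade the only admin:

```go
package main

import (
	"errors"
	"fmt"
)

// Role names are constructed for this example; real role IDs differ.
const (
	RoleAdmin          = "admin"
	RoleUser           = "user"
	RoleAccountManager = "accountManager"
)

var (
	ErrSelfModification = errors.New("users may not edit or delete their own account or role assignment")
	ErrLastAdmin        = errors.New("refusing to remove or downgrade the last remaining admin")
	ErrNotFound         = errors.New("user not found")
)

// Directory is a constructed in-memory stand-in for the accounts and
// role-assignment services; it maps user ID to a single role.
type Directory struct {
	roles map[string]string
}

func NewDirectory() *Directory { return &Directory{roles: map[string]string{}} }

func (d *Directory) Add(userID, role string) { d.roles[userID] = role }

// adminCount walks every user, which is the per-user lookup the thread
// calls expensive; it is kept only as the last-admin safety net.
func (d *Directory) adminCount() int {
	n := 0
	for _, r := range d.roles {
		if r == RoleAdmin {
			n++
		}
	}
	return n
}

// guard implements the rule from the refinement: nobody edits or
// removes their own account or role assignment.
func (d *Directory) guard(actorID, targetID string) error {
	if actorID == targetID {
		return ErrSelfModification
	}
	if _, ok := d.roles[targetID]; !ok {
		return ErrNotFound
	}
	return nil
}

// DeleteUser refuses self-deletion and removal of the last admin.
func (d *Directory) DeleteUser(actorID, targetID string) error {
	if err := d.guard(actorID, targetID); err != nil {
		return err
	}
	if d.roles[targetID] == RoleAdmin && d.adminCount() <= 1 {
		return ErrLastAdmin
	}
	delete(d.roles, targetID)
	return nil
}

// AssignRole refuses self-assignment and downgrading the last admin.
func (d *Directory) AssignRole(actorID, targetID, role string) error {
	if err := d.guard(actorID, targetID); err != nil {
		return err
	}
	if d.roles[targetID] == RoleAdmin && role != RoleAdmin && d.adminCount() <= 1 {
		return ErrLastAdmin
	}
	d.roles[targetID] = role
	return nil
}

func main() {
	d := NewDirectory()
	d.Add("alice", RoleAdmin)
	d.Add("bob", RoleUser)
	d.Add("mgr", RoleAccountManager)
	fmt.Println("alice deletes herself:", d.DeleteUser("alice", "alice"))
	fmt.Println("mgr downgrades only admin:", d.AssignRole("mgr", "alice", RoleUser))
	fmt.Println("alice promotes bob:", d.AssignRole("alice", "bob", RoleAdmin))
	fmt.Println("bob deletes alice:", d.DeleteUser("bob", "alice"), "admins left:", d.adminCount())
}
```

The self-modification check alone already covers the case the thread is about (an admin locking themselves out), because the only way to lose the last admin is then through a second account that holds delete or role-assignment rights; the `adminCount` scan closes that remaining gap at the cost of the full walk over users.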
An admin user is no longer allowed to edit/remove its own assignments. This is to prevent admins from locking themselves out. Fixes: owncloud#3713
An admin user is no longer allowed to remove its own user account. This is to prevent admins from locking themselves out. Fixes: owncloud#3713
ocis local:
branch: v2.0.0-alpha1
Actual: as admin I can delete myself, even if I am the last admin in the system.
Expected: similar to the logic in project spaces. An admin can delete themselves if at least one admin remains in the system.