View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007392 | mantisbt | security | public | 2006-08-24 21:20 | 2007-05-08 03:43 |
| Reporter | urkle | Assigned To | vboctor | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | duplicate | ||
| Product Version | 1.0.5 | ||||
| Summary | 0007392: a manager of a project can add other users to the project w/ administrative rights | ||||
| Description | when user demo1 has Manager access to projectA, he can log in, switch to projectA and grant rights to other users in the system for that project.. However he can grant rights higher than what he has. ie. he can give another user administrative rights to projectA. | ||||
| Additional Information | Shouldn't a user only be able to grant access to as high as he already has? ie.. a manager can grant manager and lower? | ||||
| Tags | No tags attached. | ||||
