Actions
Bug #36020
openNon-admin user with org admin role can add/modify users to place them into organizations they are not assigned to
Status:
Ready For Testing
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Description
1. Create 2 Organizations - O1 and O2
2. Create a user test and assign the organization admin role. Assign O1 organization to test user.
3. Login with the test user and try to create a new user, here test user can list and assign the O2 organizations while creating a new user. Which test should not be able to do because the test is the organization admin of the O1 organization only.
4. Login with the test user and try to edit the test user profile, under the organization tab, the test user can assign O2 organization to itself.
Updated by The Foreman Bot over 1 year ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/9609 added
Actions