[
https://issues.apache.org/jira/browse/GUACAMOLE-1957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17853593#comment-17853593
]
Adam commented on GUACAMOLE-1957:
---------------------------------
To be honest, this approach to permissions is kind of strange and not intuitive
- when user have his admin rights removed he should not be able to do any
admin-related tasks, meaningless of fact that he created, or not, some of the
resources.
But if this works the way described - we can live with it, just understand
implications correctly.
Also, happy to know that other bug was discovered :)
> Permissions system behaving unexpectedly
> ----------------------------------------
>
> Key: GUACAMOLE-1957
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1957
> Project: Guacamole
> Issue Type: Bug
> Affects Versions: 1.5.5
> Environment: Guacamole and guacd installed using official docker
> images.
> Reporter: Adam
> Priority: Minor
>
> If an user have any administrative permissions assigned to him, either
> directly or inherited from a group, and created anything using this
> permissions (user, group, connection, etc.), he can make administrative
> actions on these items even after administrative permissions are detached
> from him directly or by removing from group from which these permissions were
> inherited.
> This effectively makes user a lifelong administrator of items he created,
> even after this user does not have these permissions anymore.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
