Bug #9428: Unable to access "System: Authentication servers" if "WebCfg - System: User Password Manager" is set - pfSense (original) (raw)
closed
Unable to access "System: Authentication servers" if "WebCfg - System: User Password Manager" is set
Category:
User Manager / Privileges
Affected Architecture:
All
Description
Hello,
It seems that defining permission page-system-usermanager-passwordmg completely blocks users from accessing to the Authentication servers page of the user manager.
Steps for reproducing the issue :
- Create an user. Assign WebCfg - System: Authentication Servers , WebCfg - System: User Password Manager and WebCfg - Dashboard (all) to it. (WebCfg - Dashboard is not necessary, but it's better to have this permission for accessing the home page of pfSense)
- Log in as this user and try to access Authentication Servers page in the user manager.
- Enjoy :
It seems that I can still access this page by entering the correct url, /system_authservers.php.
It's not a permission issue, rater a menu issue ("User Password" should display a menu showing "Authentication Servers" page).
Affected Version changed from 2.4.x to All
Affected Architecture All added
Affected Architecture deleted (
amd64)
That page is hidden on purpose. You should only give users that permission if they do not have access to the user management page.
If a user can access the user manager, that page is not necessary.
This feels more like a user error with permission management to me.
We can work around that with changes similar to the PR, but the PR needs a change or two. Will leave comments there.
- Status changed from New to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
- Status changed from Feedback to Resolved
The changes from the merged PR look good, the tab has the new name when appropriate.
Loading...