#438: Implement and enforce product permission policy
---------------------------+---------------------------------
Reporter: olemis | Owner: jure
Type: task | Status: review
Priority: critical | Milestone: Release 6
Component: multiproduct | Version:
Resolution: | Keywords: permission security
---------------------------+---------------------------------
Changes (by olemis):
* status: accepted => review
* owner: olemis => jure
Old description:
> TBD
New description:
Goals
- Leverage PRODUCT_ADMIN as a meta-permission in product context
- Product owner automatically granted with PRODUCT_ADMIN in product context
- TRAC_ADMIN granted in product env will be ignored
  * Setting TRAC_ADMIN permission in product scope is in vain since it controls access to critical actions affecting the whole site.
    This will protect the system against malicious actors and/or failures leading to the addition of TRAC_ADMIN permission in product perm store in spite of obtaining unrighteous super powers.
    On the other hand this also means that PRODUCT_ADMIN(s) are able to set user permissions at will without jeopardizing system integrity and stability.
- TRAC_ADMIN in global env also valid in product env
--
Comment:
[attachment:t438_r1456016_product_perms.diff Attached patch] implements
this ticket. As a consequence I'm proposing to revert part of the code
added for #404 in r1449636 by applying patches in the following order:
{{{
#!sh
$ hg qapplied
t438/t438_r1456016_product_perms.diff
t404/t404_r1456016_revert_r1449636.diff
}}}
@jure @matevzb: Nevertheless I didn't find a way to check whether the
same expectations you had when applying those changes (i.e. r1449636) will
still be met. Considering the fact that the rationale is a bit fuzzy to
me, I kindly request your comments.
--
Ticket URL: <https://issues.apache.org/bloodhound/ticket/438#comment:3>
Apache Bloodhound <https://issues.apache.org/bloodhound/>
The Apache Bloodhound (incubating) issue tracker
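
The goals listed in the new description, modelled as an added example; this is not code from the attached patch or from Bloodhound. The `Product` class, `has_permission`, `stray_trac_admin` and the sample users are hypothetical, and two behaviours are assumptions the ticket does not state: PRODUCT_ADMIN never implies TRAC_ADMIN, and ordinary global grants do not carry over into a product.

```python
from dataclasses import dataclass, field

TRAC_ADMIN = "TRAC_ADMIN"        # site-wide super-user permission
PRODUCT_ADMIN = "PRODUCT_ADMIN"  # meta-permission inside one product


@dataclass
class Product:
    """Hypothetical stand-in for a product env and its permission store."""
    prefix: str
    owner: str
    perms: dict = field(default_factory=dict)  # user -> set of actions


def has_permission(user, action, global_perms, product=None):
    """Return True if `user` may perform `action` in the given scope."""
    global_grants = global_perms.get(user, set())
    # Goal: TRAC_ADMIN in the global env is also valid in product envs.
    if TRAC_ADMIN in global_grants:
        return True
    if product is None:
        return action in global_grants
    # Goal: TRAC_ADMIN found in the product perm store is ignored.
    grants = set(product.perms.get(user, set())) - {TRAC_ADMIN}
    # Goal: the product owner is automatically granted PRODUCT_ADMIN.
    if user == product.owner:
        grants.add(PRODUCT_ADMIN)
    # Assumption: PRODUCT_ADMIN never implies the site-wide TRAC_ADMIN.
    if action == TRAC_ADMIN:
        return False
    # Goal: PRODUCT_ADMIN acts as a meta-permission in product context.
    return PRODUCT_ADMIN in grants or action in grants


def stray_trac_admin(product):
    """Users holding an (ignored) TRAC_ADMIN row in the product store."""
    return sorted(u for u, acts in product.perms.items() if TRAC_ADMIN in acts)


# Constructed sample data, not taken from any real installation.
GLOBAL_PERMS = {"root": {TRAC_ADMIN}, "alice": {"TICKET_VIEW"}}
PRODUCT = Product("p1", owner="olga", perms={
    "mallory": {TRAC_ADMIN, "TICKET_VIEW"},
    "pat": {PRODUCT_ADMIN},
})
```

`stray_trac_admin` is the audit side of the policy: a TRAC_ADMIN row in a product store grants nothing, but its presence is worth reviewing.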