DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43915>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43915 ------- Additional Comments From [EMAIL PROTECTED] 2007-11-20 09:30 ------- (In reply to comment #0) > One of my testers has found an easy way to escalate rights in Lenya. If > someone > has admin rights to a subtree, they can use these rights to gain full access > to > the admin tab. This is not desirable as one would grant admin on a subtree so > that the sub-admin can administer rights on that subtree. IMO this would mean that we need two "administrator" roles: - a website administrator who is allowed to grant/deny roles etc. - an application administrator who is allowed to execute the admin.* usecases -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
