[jira] [Updated] (CONTINUUM-2747) Protect ability to run reports with standalone role

Fri, 24 Apr 2015 11:25:57 -0700 

     [ 
https://issues.apache.org/jira/browse/CONTINUUM-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Brent N Atkinson updated CONTINUUM-2747:
----------------------------------------
    Description: 
Made worse by CONTINUUM-2746, running reports should be limited to users that 
are registered. The intent is that abuse can be managed by locking accounts. 
Adding a permission is another route, but considering it is open to anonymous 
it may be unnecessary.

UPDATE: After some investigation, it appears the problem is that reporting is 
granted to all project users and granting Guest the ability to be a project 
user is used to allow anonymous users to see the build summary. By separating 
reporting from project user, reporting can be granted on an individual basis 
rather than being inherited.

  was:Made worse by CONTINUUM-2746, running reports should be limited to users 
that are registered. The intent is that abuse can be managed by locking 
accounts. Adding a permission is another route, but considering it is open to 
anonymous it may be unnecessary.


> Protect ability to run reports with standalone role
> ---------------------------------------------------
>
>                 Key: CONTINUUM-2747
>                 URL: https://issues.apache.org/jira/browse/CONTINUUM-2747
>             Project: Continuum
>          Issue Type: Improvement
>            Reporter: Brent N Atkinson
>            Priority: Minor
>              Labels: maybe-1.5
>             Fix For: 1.5.0
>
>
> Made worse by CONTINUUM-2746, running reports should be limited to users that 
> are registered. The intent is that abuse can be managed by locking accounts. 
> Adding a permission is another route, but considering it is open to anonymous 
> it may be unnecessary.
> UPDATE: After some investigation, it appears the problem is that reporting is 
> granted to all project users and granting Guest the ability to be a project 
> user is used to allow anonymous users to see the build summary. By separating 
> reporting from project user, reporting can be granted on an individual basis 
> rather than being inherited.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to