[
https://issues.apache.org/jira/browse/CONTINUUM-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14511481#comment-14511481
]
Brent N Atkinson commented on CONTINUUM-2747:
---------------------------------------------
While this will improve the situation for new installations, the new role will
be automatically created for existing installations. It will require
re-creation of the role database.
> Protect ability to run reports with standalone role
> ---------------------------------------------------
>
> Key: CONTINUUM-2747
> URL: https://issues.apache.org/jira/browse/CONTINUUM-2747
> Project: Continuum
> Issue Type: Improvement
> Reporter: Brent N Atkinson
> Priority: Minor
> Labels: maybe-1.5
> Fix For: 1.5.0
>
>
> Made worse by CONTINUUM-2746, running reports should be limited to users that
> are registered. The intent is that abuse can be managed by locking accounts.
> Adding a permission is another route, but considering it is open to anonymous
> it may be unnecessary.
> UPDATE: After some investigation, it appears the problem is that reporting is
> granted to all project users and granting Guest the ability to be a project
> user is used to allow anonymous users to see the build summary. By separating
> reporting from project user, reporting can be granted on an individual basis
> rather than being inherited.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
