[jira] [Updated] (NIFI-2329) User authorization: Able to create a users with the same name which causes that user to lose User & Policies privileges

Wed, 20 Jul 2016 08:10:41 -0700 

     [ 
https://issues.apache.org/jira/browse/NIFI-2329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrew Lim updated NIFI-2329:
-----------------------------
    Description: 
I had an initial admin user who had default privs to access and modify Users & 
Policies.  The UI allowed me to create another user with the same name.   After 
that, the user could no longer access Users (get the error "Unable to perform 
the desired action due to insufficient permissions. Contact the system 
administrator.") and can get into the Policies window, but can no longer make 
changes and see the message "Not authorized to access the policy for the 
specified resource."


  was:
I had an initial admin user who had default privs to access and modify Users & 
Policies.  The UI allowed me to create another user with the same name.   After 
that, the user could no longer access Users (get the error "Unable to perform 
the desired action due to insufficient permissions. Contact the system 
administrator." and can get into the Policies window, but can no longer make 
changes and see the message "Not authorized to access the policy for the 
specified resource."



> User authorization:  Able to create a users with the same name which causes 
> that user to lose User & Policies privileges
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-2329
>                 URL: https://issues.apache.org/jira/browse/NIFI-2329
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.0.0
>            Reporter: Andrew Lim
>            Priority: Critical
>
> I had an initial admin user who had default privs to access and modify Users 
> & Policies.  The UI allowed me to create another user with the same name.   
> After that, the user could no longer access Users (get the error "Unable to 
> perform the desired action due to insufficient permissions. Contact the 
> system administrator.") and can get into the Policies window, but can no 
> longer make changes and see the message "Not authorized to access the policy 
> for the specified resource."



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to