Question

Project security issue: User role X must be able to at least grant its own role?

1

Hi, We have encountered a strange situation in Mx 5.21.2: a user with user role X is unable to view a datagrid displaying other users (form will not load at all), unless user role X has itself as a grantable role. Of course, this is not an acceptable solution; we don't want all roles being able to assign their own role to other users. For instance, a functional manager should not be able to create other functional managers, only the administrator should have that ability. This issue can be reproduced in a blank project, so it is not an upgrade issue. Are we doing something wrong or are we perhaps missing a simple solution for our issue?

asked 2016-04-11

Wouter Visser

2 answers

Lex van Rooy · Answer 1 · 2016-04-11

Are you allowing users access to the Administration part through the "standard" screens or custom ones?

For deferred rights allocation we created an additional LocalAdministration module with specific forms, never noticed similar problems that way. The issue might be with the defined Module Roles vs the Application Roles

Wouter Visser · Answer 2 · 2016-04-13

We've found the issue: the standard account overview has a dropdown for the boolean System.User/WebServiceUser. Somehow this causes the form to not load. Removal of the dropdown solves the issue...