Details
-
Bug
-
Resolution: Fixed
-
Neutral
-
5.4.8
-
-
Yes
-
Empty show more show less
-
Yes
-
Saigon 58
-
3
Description
Given a custom admin role with Get&Post URI access to /* (right-side of the screenshot)
A custom admin user cannot grant any URI permission to / or /* (left-side of the screenshot)
Granting permissions to any other path does still work.
This is mitigated when superusers manage roles (they can grant anything practically), but needs to be fixed for multi-tenancy scenarios.
Checklists
Acceptance criteria
Attachments
Issue Links
- supersedes
-
MGNLUI-3838 Wrong ACL-validation results in AccessViolation
-
- Closed
-