-
Bug
-
Resolution: Fixed
-
Neutral
-
5.4.8
-
-
Yes
-
Empty show more show less
-
Yes
-
Saigon 58
-
3
Given a custom admin role with Get&Post URI access to /* (right-side of the screenshot)
A custom admin user cannot grant any URI permission to / or /* (left-side of the screenshot)
Granting permissions to any other path does still work.
This is mitigated when superusers manage roles (they can grant anything practically), but needs to be fixed for multi-tenancy scenarios.
Acceptance criteria
- supersedes
-
MGNLUI-3838 Wrong ACL-validation results in AccessViolation
- Closed