Bug
Resolution: Fixed
High
10.65
None
1
Severity 2 - Major
X-Men - RHP9
Issue Summary
The Super Admin role has the ability to remove Administration role privileges from itself. Where the Super Admin role is the only role with admin rights, this prevents any administration of the product and requires intervention at the database level to restore access.
Steps to Reproduce
Do not do this on a Super Admin role unless you have DB access!!
- Go to Administration -> Roles and select Super Admin (RID 9)
- Toggle off section 6, Administration. Click save.
- Log out and back in.
Expected Results
The Super Admin user (or any user) should not be able to remove Admin privileges from the Super Admin role. We should possibly also display a toaster or similar to advise a user to create a custom role if they want these privileges to be dropped.
An alternative would be a warning clearly stating the consequences of doing this.
Actual Results
The user is able to remove all admin privileges from the Super Admin role, meaning that no one has access to application administration (unless they have individual toggles allowing them to do so).
There is logic to prevent the deletion of the SA role, but removing all its permissions is akin to deleting it.
Workaround
If this happens and there is no access to Administration or Role settings from another role, the only workaround is to have this addressed in the database.
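One way to enforce the behaviour described under Expected Results on the server side, as an added example that is not the product's own code. It also generalises the check to any role whose change would leave nobody with Administration access. The Role structure, function names, the user_overrides parameter and the sample roles are assumptions; only RID 9 and section 6 come from this report.

```python
from dataclasses import dataclass, field

ADMIN_SECTION = 6      # "Administration" section number, from the report
SUPER_ADMIN_RID = 9    # Super Admin role ID, from the report

class RoleUpdateRejected(Exception):
    """Raised when a role change would break an administration invariant."""

@dataclass
class Role:  # hypothetical model of a role record
    rid: int
    name: str
    sections: set = field(default_factory=set)  # enabled section numbers
    members: set = field(default_factory=set)   # users holding the role

def sample_roles():
    # Constructed data for illustration; not taken from the product.
    return {
        9: Role(9, "Super Admin", {1, 6}, {"alice"}),
        12: Role(12, "Site Admin", {2, 6}, {"bob"}),
        13: Role(13, "Auditor", {2}, {"carol"}),
    }

def validate_role_update(roles, rid, new_sections, user_overrides=None):
    """Return the accepted section set or raise RoleUpdateRejected."""
    new_sections = set(new_sections)
    role = roles[rid]
    if ADMIN_SECTION in new_sections or ADMIN_SECTION not in role.sections:
        return new_sections  # the change does not remove Administration
    if rid == SUPER_ADMIN_RID:
        raise RoleUpdateRejected(
            "Administration cannot be removed from Super Admin; "
            "create a custom role instead.")
    # General invariant: at least one user must still reach Administration,
    # through another role or through an individual toggle (user_overrides).
    remaining = set(user_overrides or ())
    for other in roles.values():
        if other.rid != rid and ADMIN_SECTION in other.sections:
            remaining |= other.members
    if not remaining:
        raise RoleUpdateRejected(
            "This change would leave no user with Administration access.")
    return new_sections
```

The check belongs in the save handler rather than only in the UI, so that a direct request to the role endpoint is rejected as well.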