Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-1222

[JIRAALIGN-1222] Administration: Super Admin should not be able to drop Administration privilages


    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: High High
    • 10.69
    • 10.65
    • administration - roles
    • None
    • 1
    • Severity 2 - Major
    • X-Men - RHP9

      Issue Summary

      The Super Admin role has the ability to remove Administration role privileges from itself. In situations where the Super Admin role is the only role with admin rights, this situation would prevent any administration of the product and requires intervention at the database level to restore access.

      Steps to Reproduce

      Do not do this on a Super Admin role unless you have DB access!!

      1. Go to Administration -> Roles and select Super Admin (RID 9)
      2. Toggle off section 6, Administration. Click save.
      3. Log out and back in.

      Expected Results

      The Super Admin user (or any user) should not be able to remove Admin privileges from the Super Admin role. We should possibly also display a toaster or similar to advise a user to create a custom role if they want these privileges to be dropped.
      An alternative would be a warning clearly stating the consequences of doing this.

      Actual Results

      The user is able to remove all admin privileges from the Super Admin role meaning that no one has access to application administration (unless they have individual toggles allowing them to do so).
      There is logic to prevent the deletion of the SA role, but removing all its permissions is akin to deleting it.


      If this happens and there is no access to Administration or Role settings from another role, the only workaround is to have this addressed in the database.

            kbyrd@atlassian.com Kyle Byrd (Inactive)
            cjeggo Chris Jeggo (Inactive)
            0 Vote for this issue
            4 Start watching this issue