Administrators can modify targets that they don't have rights to.

  • 3194457
  • 12-Oct-2006
  • 30-Apr-2012

Environment

Novell ZENworks Linux Management 6.6.2 - ZLM 6.6.2

Situation

Standard administrators can modify package targets even though they do not have"modify" rights to the channel.

Status

Reported to Engineering

Additional Information

STEPS TO REPRODUCE:

1.Login as your main administrator.

2.create a channel called secure_channel or whatever name you want.

3.create a new test administrator with administrator type: Standard.

4.go to the user and give him View permissions for the secure_channel

5.login as this test administrator

RESULTS:

The test administrator will be able to modify package targets within the

secure_channel that he didn't have modify rights to.