As a limited user with access to the config tool group, I am able to change the access for the CMS Administrator role, which doesn’t make sense as I should not be able to limit access for admins.
Proposed Objective
Security & Privacy
Proposed Priority
Priority 3 - Average
Acceptance Criteria
from @mbiuki
possible acceptance criteria
Audit and adjust role permissions to ensure limited users cannot alter higher-level roles or access restricted tools.
Disable or hide actions for which users do not have permissions and provide clear indications of these restrictions.
External Links... Slack Conversations, Support Tickets, Figma Designs, etc.
Parent Issue
https://github.com/dotCMS/private-issues/issues/31
Task
I got the following from @mbiuki
Roles and tools