User Mgmt: admin can lock himself out of back-end page

[JeffreyDevloo]

Problem description

The currently logged in administrator can lock himself out of a back-end page by explicitly denying himself.

Temporary solution

• Unlock the administrator by creating a new administrator under user management
• Log in as the newly made administrator
• Go to the back-end page
• Grant the other admin or implicitly deny him

  Additional information

  Setup

Hyperconverged setup

• Three nodes with each three disks for the back-end

  Package information

• openvstorage 2.7.2-rev.3859.42b3488-1 amd64 openvStorage
• openvstorage-backend 1.7.2-rev.675.37ca5b8-1 amd64 openvStorage Backend plugin
• openvstorage-backend-core 1.7.2-rev.675.37ca5b8-1 amd64 openvStorage Backend plugin core
• openvstorage-backend-webapps 1.7.2-rev.675.37ca5b8-1 amd64 openvStorage Backend plugin Web Applications
• openvstorage-cinder-plugin 1.2.2-rev.32.948a8c1-1 amd64 OpenvStorage Cinder plugin for OpenStack
• openvstorage-core 2.7.2-rev.3859.42b3488-1 amd64 openvStorage core
• openvstorage-hc 1.7.2-rev.675.37ca5b8-1 amd64 openvStorage Backend plugin HyperConverged
• openvstorage-health-check 2.0.0-rev.117.3212ea9-1 amd64 Open vStorage HealthCheck
• openvstorage-sdm 1.6.2-rev.330.f06c8de-1 amd64 Open vStorage Backend ASD Manager
• openvstorage-test 2.7.2-rev.980.0dbc80f-1 amd64 openvStorage autotest suite
• openvstorage-webapps 2.7.2-rev.3859.42b3488-1 amd64 openvStorage Web Applications

[khenderick]

To be honest, I didn't implement this because I don't actually care too much if an admin wants to explicitly lock himself out. It might be possible that he created a backend for another admin user, and then - correctly - denies himself access. I don't see too much issues in this.

[khenderick]

Except if a single admin locks himself out by accident, but then he can create a new admin user to grant himself access again. I'll leave this up to @wimpers to decide.

[dejonghb]

Isn't that the same problem as a user removing [him|her]self from users allowed to use sudo or changing [his|her] password to some unknown random thingy and then being unable to login?

[JeffreyDevloo]

Working as intended, could be used for multiple use cases (for instance a setup admin who restricts himself access afterwards) Closing.