Closed elichad closed 4 years ago
Current handling of permissions has no overlap between root and super_root, and the super_root functions are tested to make sure they are inaccessible to root. Don't currently have a test case for making sure super_root is denied access to the more "mundane" functions. Don't have any shared functions (yet?)
Given that super_root
is based at VO 'def', it cannot authenticate for actions at other VOs (root
or otherwise. Have also tested that creating an account named super_root
at a new VO has neither root
nor super_root
permissions.
Currently super_root
can perform actions at VO 'def' associated with a normal (non root
) user, such as adding a scope for its own account.