[Deploying Sakai] Elevating privileges on Sakai
Leon Kolchinsky
lkolchin at gmail.com
Tue Oct 18 17:25:50 PDT 2011
Hello,
We're using Sakai 2.6.2 version.
Recently, one of our users raised concern about "access" and "maintain"
users.
The problem is that any "access" user can go to "Site info"->"Manage Access"
and change "Role for people that join site:" from access to maintain.
Now if this site is joinable, any new user will have "maintain" access
rights and would be able to change permissions/delete members/even delete
site !
Are you aware of this issue?
Any tips on how to fix/workaround this problem?
Cheers,
Leon Kolchinsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20111019/76b0d7d7/attachment.html
More information about the production
mailing list