[Deploying Sakai] Elevating privileges on Sakai

Leon Kolchinsky lkolchin at gmail.com
Tue Oct 18 17:25:50 PDT 2011


We're using Sakai 2.6.2 version.
Recently, one of our users raised concern about "access" and "maintain"
The problem is that any "access" user can go to "Site info"->"Manage Access"
and change "Role for people that join site:" from access to maintain.
Now if this site is joinable, any new user will have "maintain" access
rights and would be able to change permissions/delete members/even delete
site !

Are you aware of this issue?
Any tips on how to fix/workaround this problem?

Leon Kolchinsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20111019/76b0d7d7/attachment.html 

More information about the production mailing list