https://bugzilla.redhat.com/show_bug.cgi?id=784621 (Red Hat Enterprise Linux 6)
Description of problem: A user (possibly an admin with limited access) who has permission to update attributes for another user except password, logs in, the Reset Password link is enabled, indicating this user can reset it. It correctly will throw an error if an attempt is made. The other attributes that cannot be edited are all displayed as read only. To keep that look through the page, this link should not be clickable. Version-Release number of selected component (if applicable): ipa-server-2.2.0-101.20120123T0157zgit64cf8a4.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Add a permission ipa permission-add AAA --filter='(givenname=xyz)' --permissions=write --attr=carlicense 2. Add a privilege with this permission, add a role with this privilege, add a user with this role 3. add a user with givenname=xyz 3.Kinit as the user with the role, edit user xyz Actual results: carlicense can be updated (as expected) but can also click on link to reset password. Error will be thrown if an attempt is made. Expected results: The link to Reset password should not be enabled for this user. Additional info:
There is a bunch of places with similar issue.
Master: - bf9234d
Metadata Update from @mkosek: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 3.0 Core Effort - 2012/05
Login to comment on this ticket.