- Users can give themselves any roles
- Posted by a1 pro on February 28th, 2008
I've got a custom role that has read only (user only) access to user settings.
This user role does not have assign role privilege.
However, If I go to personalize workplace on the general tab I can click on
"view your user profile here" and once on the user screen I can give myself
any role I want, which is obviously not good at all
Is this a CRM problem?
I would remove personalize workplace from the sitemap if I knew how, but I
already posted and nobody seemed to know
Any ideas?
TIA
- Posted by a1 pro on February 28th, 2008
When I click on "view your user profile here" as described in my previous
post it loads the user profile screen with system administrator privileges
!!!!!!!!!!!!!!!! even with my test role that I describe below.
test role
privileges
Business Management:
org settings (organization)
business unit (business unit)
user (business unit)
user settings (user)
team (business unit)
role (business unit)
license (organization)
All of the above are read
Customization
Form (organization) read
view (organization) read
Custom entity
mycustomentity (organization) read
Any help will be appreciated it
"a1 pro" wrote:
- Posted by TheKlemer on March 4th, 2008
I'd move to a different machine, and absolutely verify it's logging in as
that role/user. It sounds like the machine you are using is caching your
loging.
--
John Klemetsrud
"a1 pro" wrote:
