Managers group can modify only the accounts database

Playing with the panel delegation I maybe found a bug in /usr/share/nethesis/NethServer/Authorization/base.json

    "Id": 1328028218,
    "Effect": "ALLOW",
    "Subject": ".groups HAS managers",
    "Resource": [".category IS Management", "Nethgui\\System\\EsmithDatabase:accounts"],

        "Managers can access modules in Management category and write accounts database"

like you can see the Managers group can change settings in the Management section, but only the accounts database can be modified by the members of this group.

It gives an issue for example for the virtualhost panel because the database is vhosts (no permission granted on it)

1 Like

I agree, it should be added to the Resource list.

In fact you cannot find the database name, it should be granted to all databases. Why because you will think to official databases, but not for the custom one (mine, or others else)

Right, it is possible to provide additional rules from individual modules though… But we could also grant access to all DBs by default and enforce rules at module level only.

1 Like