Project

General

Profile

Bug #23097

Analysis user able to modify production

Added by Stephen White about 1 month ago. Updated 24 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
Start date:
08/12/2019
Due date:
% Done:

100%

Estimated time:
First Occurred:
Scope:
Internal
Experiment:
-
Stakeholders:
Duration:

Description

If an analysis user is also a production user in another experiment like this:

pomsdev=> select * from experiments_experimenters where experimenter_id=5;
experiment | experimenter_id | active | role
------------+-----------------+--------+------------
samdev | 5 | t | production
dune | 5 | t | analysis

POMS will show analysis on the web form drop down But The database has session_role marked as production. Meaning: they have full edit access to production campaigns through the GUI - and probably other production privs too.

History

#1 Updated by Marc Mengel about 1 month ago

Several Permissions fixes...

d0791795
73f25b5e
70772d4a
70772d4a

I think its okay now. Also showing the right ones as authorized or not on the show_campaigns page...

#2 Updated by Marc Mengel 24 days ago

  • % Done changed from 0 to 100
  • Assignee set to Marc Mengel
  • Status changed from New to Resolved


Also available in: Atom PDF