View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 2
IDProjectCategoryView StatusDate SubmittedLast Update
10041Bug reportsDocumentationpublic2015-11-17 01:272015-11-19 09:17
ReporterDeveloperChris Assigned ToDenisChenu  
PrioritynormalSeveritypartial_block 
Status closedResolutionfixed 
Fixed in Version2.06+ 
Summary10041: Non Super Users can change global settings
Description

according to this page
https://manual.limesurvey.org/Global_settings

"If you click on the icon Global.png in the main toolbar you will get to the Global settings. The Global settings dialog is only available to administration users with the right 'Super Administrator'."

This I believe is the correct approach.

Unfortunately any super admin can inadvertently assign settings "read/update" rights to the global settings.

We recently had our global settings changed by a user who probably thought they were changing the settings for their survey only. Thus effecting all surveys.

This user had been granted settings rights even though they were not a superadmin.

This is in direct contrast to the statement in the manual linked above.

Steps To Reproduce

Create a user
Give them global settings rights
Make sure they are not super admins
Log out
Log in as the newly created user and test access to global settings

Additional Information

Perhaps the ability to assign settings permissions is greyed out unless the user also has superadmin ticked?

TagsNo tags attached.
Bug heat2
Complete LimeSurvey version number (& build)150211
I will donate to the project if issue is resolvedNo
Browser
Database type & versionAll
Server OS (if known)All
Webserver software & version (if known)All
PHP VersionAll

Relationships

Relationship GraphDependency Graph
related to 09953 closedc_schmitz Set Settings & Plugins Global permission to true don't give access to plugin settings 

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2015-11-17 08:46

developer   ~33575

Last edited: 2015-11-17 08:48

Hi,

No seperate Global Settings and Super Admin is a good idea.

Usage example :
Technician : allowed to update 'SMTP' Send mail by default etc ... But not allowed to touch Surveys

Doc issue
DenisChenu

DenisChenu

2015-11-19 09:17

developer   ~33593

https://manual.limesurvey.org/index.php?title=Global_settings&diff=66248&oldid=66079

Issue History

Date Modified Username Field Change
2015-11-17 01:27 DeveloperChris New Issue
2015-11-17 08:46 DenisChenu Note Added: 33575
2015-11-17 08:48 DenisChenu Relationship added related to 09953
2015-11-17 08:48 DenisChenu Note Edited: 33575
2015-11-17 08:49 DenisChenu Category Security => Documentation
2015-11-19 09:17 DenisChenu Note Added: 33593
2015-11-19 09:17 DenisChenu Status new => closed
2015-11-19 09:17 DenisChenu Assigned To => DenisChenu
2015-11-19 09:17 DenisChenu Resolution open => fixed
2015-11-19 09:17 DenisChenu Fixed in Version => 2.06+