Regular users have rights on other regular users

theotot · 16 March 2017 19:19

Hi.
I ve noticed something that for me is an important security issue.
My version is 7.8.2.
The story is that in my instalation , regular users have the right to change preferencies of other regualr users .

To be more specific, in the list view of Tasks module i have added the “created by” column.
Lets say i ve logged in as “regular user 1” who is not administrator.
Clicking on any user (lets say “regular user 2”)on this column, opens the user’s (“regular user 2”) profile.
From that page “regular user 1” can reset “regular user 2” preferencies and home page. Also “regular user 1” can view “regular user 2” settings and module access.

Is that normal?
Thanks

Camo · 17 March 2017 09:29

I cannot replicate the issue you are having out the box with 2 standard users with no role assigned to them.

Could you please attach the full page of access roles detail view for Standard user 1

amariussi · 17 March 2017 16:58

@Camo
Trying to replicate this issue I found another issue in the official SuiteCRM demo: