Vista Combinata Vista Piatta Vista ad Albero
Discussioni [ Precedente | Successivo ]
toggle
J B
Safeguard - prevent an Administrator from removing their own admin rights
17 dicembre 2012 1.24
Risposta

J B

Punteggio: New Member

Messaggi: 5

Data di Iscrizione: 30 novembre 2012

Messaggi recenti

Hi everyone,

Suggestion
How about including a safeguard that prevents a Portal Administrator from removing their own Portal Admin permissions? (Or at least warns them of what they're about to do.)

Background
I did it myself in a moment of tired confusion, and I ended up without any user accounts that could perform Portal administration.
See my post here... Removed all assignments from Liferay - now can't perform admin tasks

Luckily I'm only in the "experimenting / building" phase, so I don't have any sites in the public domain. That would have been horrendous. emoticon
Hitoshi Ozawa
RE: Safeguard - prevent an Administrator from removing their own admin righ
2 gennaio 2013 19.17
Risposta

Hitoshi Ozawa

Punteggio: Liferay Legend

Messaggi: 7952

Data di Iscrizione: 23 marzo 2010

Messaggi recenti

Omni Administrator is suppose to be able to always administrator the portal.
James McGovern
RE: Safeguard - prevent an Administrator from removing their own admin righ
3 febbraio 2013 7.45
Risposta

James McGovern

Punteggio: Junior Member

Messaggi: 69

Data di Iscrizione: 13 giugno 2010

Messaggi recenti

You cannot take away rights from Omni Administrator. With that being said, it may make sense to have a portal.properties value such as MinAdminCount to place a constraint on the minimum number of administrators that a given organization should have.
Hitoshi Ozawa
RE: Safeguard - prevent an Administrator from removing their own admin righ
3 febbraio 2013 13.33
Risposta

Hitoshi Ozawa

Punteggio: Liferay Legend

Messaggi: 7952

Data di Iscrizione: 23 marzo 2010

Messaggi recenti

That'll cause a chicken and egg like situation because initially, no organization admin will exist because there isn't an organization and organization will not initially have minimum number of organizational admin.
J B
RE: Safeguard - prevent an Administrator from removing their own admin righ
3 febbraio 2013 13.57
Risposta

J B

Punteggio: New Member

Messaggi: 5

Data di Iscrizione: 30 novembre 2012

Messaggi recenti

Hitoshi Ozawa:
That'll cause a chicken and egg like situation because initially, no organization admin will exist because there isn't an organization and organization will not initially have minimum number of organizational admin.


I did like James' suggestion, but I can see the possible chicken & egg problem.

I do think there's a need to prevent idiots like me from being able to 'bulk unassign' the administrator role from all the existing member users, thus leaving the portal without any admins at all, and therefore no way of doing portal administration from that point on. But I have no idea how to implement this. (If I was smart enough to figure out the answer, I probably wouldn't have had the problem in the first place. emoticon )

I hope I've properly explained what the problem was - I actually explained it better in the other thread... Removed all assignments from Liferay - now can't perform admin tasks.

By the way, if a Liferay staffer wants to know how I got myself out of the hole, I'll happily explain in private. I don't want to post it publicly in case it's something that could be exploited for malicious purposes.

James & Hitoshi, thanks again for your ongoing thinking on this.

JB
Hitoshi Ozawa
RE: Safeguard - prevent an Administrator from removing their own admin righ
4 febbraio 2013 15.00
Risposta

Hitoshi Ozawa

Punteggio: Liferay Legend

Messaggi: 7952

Data di Iscrizione: 23 marzo 2010

Messaggi recenti

Liferay has omni admin. By default admin of the initial liferay instance is made into an omni admin but to safeguard,
it's recommended to separate ordinary admin from omni admin. You probably won't had the problem if you created
a regular admin to do normal administrative tasks.

#
# Omniadmin users can administer the portal's core functionality: gc,
# shutdown, etc. Omniadmin users must belong to the default company.
#
# Multiple portal instances might be deployed on one application server, and
# not all of the administrators should have access to this core
# functionality. Input the ids of users who are omniadmin users.
#
# Leave this field blank if users who belong to the right company and have
# the Administrator role are allowed to administer the portal's core
# functionality.
#
omniadmin.users=
James Falkner
RE: Safeguard - prevent an Administrator from removing their own admin righ
11 febbraio 2013 12.36
Risposta

James Falkner

LIFERAY STAFF

Punteggio: Liferay Legend

Messaggi: 1315

Data di Iscrizione: 17 settembre 2010

Messaggi recenti

J B:

By the way, if a Liferay staffer wants to know how I got myself out of the hole, I'll happily explain in private. I don't want to post it publicly in case it's something that could be exploited for malicious purposes.

James & Hitoshi, thanks again for your ongoing thinking on this.

JB


Hey JB - sent you a PM about this. I would like to know how you got yourself out of this hole emoticon