Foren

Safeguard - prevent an Administrator from removing their own admin rights

J B, geändert vor 11 Jahren.

Safeguard - prevent an Administrator from removing their own admin rights

New Member Beiträge: 5 Beitrittsdatum: 30.11.12 Neueste Beiträge
Hi everyone,

Suggestion
How about including a safeguard that prevents a Portal Administrator from removing their own Portal Admin permissions? (Or at least warns them of what they're about to do.)

Background
I did it myself in a moment of tired confusion, and I ended up without any user accounts that could perform Portal administration.
See my post here... Removed all assignments from Liferay - now can't perform admin tasks

Luckily I'm only in the "experimenting / building" phase, so I don't have any sites in the public domain. That would have been horrendous. emoticon
thumbnail
Hitoshi Ozawa, geändert vor 11 Jahren.

RE: Safeguard - prevent an Administrator from removing their own admin righ

Liferay Legend Beiträge: 7942 Beitrittsdatum: 24.03.10 Neueste Beiträge
Omni Administrator is suppose to be able to always administrator the portal.
James McGovern, geändert vor 11 Jahren.

RE: Safeguard - prevent an Administrator from removing their own admin righ

Junior Member Beiträge: 68 Beitrittsdatum: 13.06.10 Neueste Beiträge
You cannot take away rights from Omni Administrator. With that being said, it may make sense to have a portal.properties value such as MinAdminCount to place a constraint on the minimum number of administrators that a given organization should have.
thumbnail
Hitoshi Ozawa, geändert vor 11 Jahren.

RE: Safeguard - prevent an Administrator from removing their own admin righ

Liferay Legend Beiträge: 7942 Beitrittsdatum: 24.03.10 Neueste Beiträge
That'll cause a chicken and egg like situation because initially, no organization admin will exist because there isn't an organization and organization will not initially have minimum number of organizational admin.
J B, geändert vor 11 Jahren.

RE: Safeguard - prevent an Administrator from removing their own admin righ

New Member Beiträge: 5 Beitrittsdatum: 30.11.12 Neueste Beiträge
Hitoshi Ozawa:
That'll cause a chicken and egg like situation because initially, no organization admin will exist because there isn't an organization and organization will not initially have minimum number of organizational admin.


I did like James' suggestion, but I can see the possible chicken & egg problem.

I do think there's a need to prevent idiots like me from being able to 'bulk unassign' the administrator role from all the existing member users, thus leaving the portal without any admins at all, and therefore no way of doing portal administration from that point on. But I have no idea how to implement this. (If I was smart enough to figure out the answer, I probably wouldn't have had the problem in the first place. emoticon )

I hope I've properly explained what the problem was - I actually explained it better in the other thread... Removed all assignments from Liferay - now can't perform admin tasks.

By the way, if a Liferay staffer wants to know how I got myself out of the hole, I'll happily explain in private. I don't want to post it publicly in case it's something that could be exploited for malicious purposes.

James & Hitoshi, thanks again for your ongoing thinking on this.

JB
thumbnail
Hitoshi Ozawa, geändert vor 11 Jahren.

RE: Safeguard - prevent an Administrator from removing their own admin righ

Liferay Legend Beiträge: 7942 Beitrittsdatum: 24.03.10 Neueste Beiträge
Liferay has omni admin. By default admin of the initial liferay instance is made into an omni admin but to safeguard,
it's recommended to separate ordinary admin from omni admin. You probably won't had the problem if you created
a regular admin to do normal administrative tasks.

#
# Omniadmin users can administer the portal's core functionality: gc,
# shutdown, etc. Omniadmin users must belong to the default company.
#
# Multiple portal instances might be deployed on one application server, and
# not all of the administrators should have access to this core
# functionality. Input the ids of users who are omniadmin users.
#
# Leave this field blank if users who belong to the right company and have
# the Administrator role are allowed to administer the portal's core
# functionality.
#
omniadmin.users=
thumbnail
James Falkner, geändert vor 11 Jahren.

RE: Safeguard - prevent an Administrator from removing their own admin righ

Liferay Legend Beiträge: 1399 Beitrittsdatum: 17.09.10 Neueste Beiträge
J B:

By the way, if a Liferay staffer wants to know how I got myself out of the hole, I'll happily explain in private. I don't want to post it publicly in case it's something that could be exploited for malicious purposes.

James & Hitoshi, thanks again for your ongoing thinking on this.

JB


Hey JB - sent you a PM about this. I would like to know how you got yourself out of this hole emoticon