-
-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] lldap_password_manager
role does not see other users in the web UI
#875
Comments
lldap_password_manager
role does not have permissions to manage any passwords
From the logs, it seems you're trying to modify the password of an admin account. Only admins can modify the password of admins, otherwise you would get a privilege escalation from password manager to admin. Try with a regular user. |
Yeah, that was it. I was able to use Authelia's service to change a password for a non admin account. So the web UI does not allow users with that role to do anything, it's just for API access? Thanks for the quick response. Sorry for the wasted time. I knew it would be something stupid on my end... |
From the web UI, with that role you should be able to see all users (i.e. all the a read-only account can do), change your own details (that's the case for every user) and set non-admins' passwords (including other password manager accounts) |
Ok, that's what I expected. When I log in as my Authelia bind user I can only see that account. I can edit email and display name, but the password field is not there. There are no navigation links to go to other pages in the UI, but I did just realize that if I manually type in the I don't necessarily care about the UI for this use case, since it will only ever need API access. And it seems that the API access performs as expected in my limited testing. |
Oh, it might be a frontend outdated check that only checks if the user is admin or not. More generally, we don't really check the different permission levels and what they should see very well. |
lldap_password_manager
role does not have permissions to manage any passwordslldap_password_manager
role does not see other users in the web UI
Describe the bug
The
lldap_password_manager
role does not have permissions to manage any passwordsTo Reproduce
Steps to reproduce the behavior:
lldap_password_manager
roleExpected behavior
I would expect the
lldap_password_manager
role to be able to manage passwords of its own account and others.Logs
Additional context
I hope I'm not missing something here, but I know that's very possible. Is the role in question configurable and I've not set it up right?
The text was updated successfully, but these errors were encountered: