This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Read Only user can edit?

I was logged in as a READONLY user. While I was logged in, I forgot that I was logged in as a READONLY user and somehow successfully made changed to a firewall profile under Webserver Protection>>Web Application Firewall>>Firewall Profiles tab. The changes were recorded in the Management>>Last WebAdmin Sessions list.

The way I have the user set up is fairly simple.

For example:

Management>>Users & Groups

The user is a locally authenticated user named ROUser.

I then added ROUser to a group that I created to hold ReadOnly users named ROGroup.

Management>>WebAdmin Settings>>Access Control tab

I then added ROGroup to the default READONLY role. Grant read-only access is checked.

As far as I know, I have done everything to make this user ROUser a read-only user, but somehow I was able to make changes.

What I am missing here?

This thread was automatically locked due to age.

Parents

0 teched_01 over 9 years ago

Version?

Confirm the exact change from the database, assumes regular account is admin:

psql reporting -U reporting -c "SELECT confd_sessions.*, confd_nodes.* FROM confd_sessions INNER JOIN confd_nodes ON confd_sessions.sid = confd_nodes.sid WHERE confd_sessions.facility = 'webadmin' AND confd_sessions.username != 'admin';"

What do confd.log and confd-debug.log lines show from that time and change?

Reply

0 teched_01 over 9 years ago

Version?

Confirm the exact change from the database, assumes regular account is admin:

psql reporting -U reporting -c "SELECT confd_sessions.*, confd_nodes.* FROM confd_sessions INNER JOIN confd_nodes ON confd_sessions.sid = confd_nodes.sid WHERE confd_sessions.facility = 'webadmin' AND confd_sessions.username != 'admin';"

What do confd.log and confd-debug.log lines show from that time and change?

Children

No Data