Dashboard available to ALL users

I have noticed some strange behaviour. I have put this under 2.8 but my 2.6 forum has the same symptoms. I have a test user that has the role we call "Member" with the associated access rights; however, this user can gain access to the dashboard and make changes.

For the life of me I can't see how this is happening (or when it started to happen) so any clues as to areas I need to look into please?

Comments

  • R_J Ex-Fanboy Munich Admin

    First thing to look at is the Member role and which permissions you gave it. And the role should be of type MEMBER.

    Second step would be to look at the table GDN_UserRole and see which RoleIDs such a user has. Ensure he is only a member.

    If this is only for one user, you should take a look at GDN_User and inspect the "Admin" column. It should be "0" for all users except the superadmin (and 2 for system accounts).

  • Thanks @R_J, I'll start to do some digging.

  • A little late in responding. All that seems to check out; however, all of my members can see the "Dashboard" option and this then allows them into the back-end.

    Is there a specific setting that restricts this to admins only that I'm missing?

  • R_J Ex-Fanboy Munich Admin

    Can you post screenshots of the member role's permissions?
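
The checks R_J lists in the first reply (role type, GDN_UserRole assignments, the GDN_User "Admin" column) can be run as one audit. This is an added example, not part of the thread or of the forum software: it uses an in-memory SQLite database as a stand-in for the forum's database with constructed rows, and the GDN_Role table and every column name other than "Admin" are assumptions about the schema.

```python
import sqlite3

# Constructed sample rows. GDN_Role and the columns UserID, Name, RoleID
# and Type are assumed; only GDN_User.Admin and GDN_UserRole are named
# in the thread.
SCHEMA = """
CREATE TABLE GDN_User (UserID INTEGER PRIMARY KEY, Name TEXT, Admin INTEGER);
CREATE TABLE GDN_Role (RoleID INTEGER PRIMARY KEY, Name TEXT, Type TEXT);
CREATE TABLE GDN_UserRole (UserID INTEGER, RoleID INTEGER);
INSERT INTO GDN_User VALUES
  (1,'root',1),(2,'System',2),(3,'alice',0),(4,'bob',0),(5,'carol',1);
INSERT INTO GDN_Role VALUES
  (8,'Member','member'),(16,'Administrator','administrator');
INSERT INTO GDN_UserRole VALUES (1,16),(3,8),(4,8),(4,16),(5,8);
"""

def build_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def audit(conn, expected_admins):
    """Return {user name: [reasons]} for accounts holding more than Member rights."""
    rows = conn.execute(
        "SELECT u.Name, u.Admin, r.Name, r.Type FROM GDN_User u "
        "LEFT JOIN GDN_UserRole ur ON ur.UserID = u.UserID "
        "LEFT JOIN GDN_Role r ON r.RoleID = ur.RoleID "
        "ORDER BY u.UserID, r.RoleID")
    findings = {}
    for user, admin, role, rtype in rows:
        if user in expected_admins:          # superadmin and system accounts
            continue
        reasons = findings.setdefault(user, [])
        flag = f"Admin column is {admin}"
        if admin != 0 and flag not in reasons:
            reasons.append(flag)             # should be 0 for ordinary users
        if role is not None and (rtype or "").lower() != "member":
            reasons.append(f"role {role!r} has type {rtype!r}")
    return {u: r for u, r in findings.items() if r}

if __name__ == "__main__":
    for user, reasons in audit(build_sample(), {"root", "System"}).items():
        print(user, "->", "; ".join(reasons))
```

An empty result means the role assignments and the Admin flag check out, which leaves the permissions granted to the Member role itself as the next thing to review.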
