Defect #27804: Restriction of user visibility isn't working with internal authentication - Redmine

Actions

Copy link

Defect #27804

open

Restriction of user visibility isn't working with internal authentication

Added by Philip Heise almost 7 years ago. Updated almost 7 years ago.

Status:

Needs feedback

Priority:

Normal

Assignee:

Category:

Security

Target version:

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Affected version:

3.3.1

Description

Hi,

I'm using Redmine 3.3.1 (Debian Stretch). I have two authentication methods configured: internal and LDAP. In the Settings I use the following settings:
- User visibility: Members of visible projects
- Member management: All Roles
- Permissions: Manager members

I dicovered that the restriction to view only members of visible projects (in every project's members configruration) only works for users with LDAP authentication. If a user account uses the internal authentication it can view the list of all redmine user accounts.

Files

Download all files

show-user.png (14.9 KB) show-user.png		Toshi MARUYAMA, 2018-01-13 18:35
foto.png (51.2 KB) foto.png		Philip Heise, 2018-02-14 19:57

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #27804

Restriction of user visibility isn't working with internal authentication

Updated by Toshi MARUYAMA almost 7 years ago

Updated by Philip Heise almost 7 years ago