[BlueOnyx:25351] Re: 5210R - Additional Server Admin can create Site admins but cannot delete them afterwards - fixed

Michael Stauber mstauber at blueonyx.it
Tue Mar 8 20:37:03 -05 2022


Hi Dirk,

> I have created an additional server admin on one server. Under 
> Expert-Mode, I have given this user all the rights that are available there.

I just tested this on a 5209R and 5210R. Server Administrator account.

No privileges from the "Expert Settings" tab.

Under "Basic Settings" he has the following set:

- "Virtual Site Management" - ticked
- "Site DNS Management" - ticked
- "Virtual Site Management: Additional rights": All given

Under "Site Management" one (or more) Vsites are owned by *this* 
server-admin.

This was done via "Site Management" / <Vsite> / "General Settings" by 
choosing the name of the server-admin in the "Owner" entry and saving.

This server-admin can then see his owned Vsites (and only these) and can 
add/modify/delete users. Including siteAdmins. And he can create as many 
Vsites (and Users) as he has been allowed to.

I also tested that he can delete regular users and siteAdmins of owned 
Vsites. That worked without issue.

---

Then I checked if a server-admin with 'systemAdministrator' privileges 
(from the "Expert Settings"-tab), but without "Virtual Site Management" 
from the "Basic Settings"-tab can delete users of a Vsite.

And you're right: THAT he couldn't.

This was an oversight. There was a somewhat overzealous protection built 
in, that checked if the server-admin was of the same group as the user 
he tried to delete. A server-admin isn't necessarily a member of the 
same group as a user - even with 'systemAdministrator' privileges 
granted. Because he doesn't need to be.

I made an exception to that check so that we no longer use it if the 
logged-in user has 'systemAdministrator' privileges and that should fix 
your issue.

Updated base-user-* RPMs have been published to the 5210R YUM repositories.

-- 
With best regards

Michael Stauber


