Hi Everybody,
I just did a fresh install of 0.9.8.4. Everything works fine.
I added 3 new user (principals) from the web interface. I tested the
access rights of the new principals on resources of another principal
from a client application and everything works as expected.
But to my big surprise every principal can login to the web interface
and change access permission on resources of another principal. This
seems pretty strange. One user (principal) could give her/himself access
to the calendar of another user.
Could anybody explain me the default security model?
Thanks!
Lucas
I just did a fresh install of 0.9.8.4. Everything works fine.
I added 3 new user (principals) from the web interface. I tested the
access rights of the new principals on resources of another principal
from a client application and everything works as expected.
But to my big surprise every principal can login to the web interface
and change access permission on resources of another principal. This
seems pretty strange. One user (principal) could give her/himself access
to the calendar of another user.
Could anybody explain me the default security model?
Thanks!
Lucas