On orchestrator, User can't permit to change their own password only

i_completed
orchestrator

#1

Scenario:

User can’t change their own password if I don’t give the user edit permission, but if I give the edit permission, they can change everyone’s password including the admin! That is a security issue we are facing…

Steps to reproduce: Very easy to reproduce

Expected Behavior: User should be able to change their own password in any way.

Orchestrator Version: Also happen on the ver. 2017


#2

Yes, for now users that get edit permission get to change all password. This feature is intended for admins only: to create/edit/delete users.


#3

solved in 2017.1 upgrade… soon.