Bug #20 (closed)
Privilege Lockout via Removal of All Permission Management Rights
Updated by Vivek Kumar about 1 month ago
The application allows an administrator to remove permission-management privileges from all roles, including their own. This results in a complete administrative lockout where no user retains the ability to manage roles or permissions. There is no fallback or recovery mechanism, making the system partially unusable.
Steps to Reproduce:
1. Log in as an administrator.
2. Navigate to the Roles & Permissions section.
3. Edit the admin role (or any role with permission-management privileges).
4. Remove the permission responsible for managing roles/permissions.
5. Save the changes.
6. Ensure no other role/user retains this permission.
Expected Result
The system should prevent removal of critical permission-management rights if it results in no user having administrative control. Alternatively, a protected/super-admin role should retain these permissions.
Actual Result
All permission-management capabilities are removed from every role. No user can:
- Assign roles
- Modify permissions
- Restore access
This leads to a permanent administrative lockout unless manual backend/database intervention is performed.
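The guard described under Expected Result can be sketched as follows. This is an added example, not part of the original report and not the application's code; the permission name `manage_permissions`, the `RBAC` class and the sample users are assumptions made for illustration. It also treats deactivated accounts as unable to manage permissions, which goes slightly beyond the case in the report.

```python
from dataclasses import dataclass, field

MANAGE_PERMISSIONS = "manage_permissions"  # hypothetical permission name


class LockoutError(Exception):
    """Raised when a change would leave nobody able to manage permissions."""


@dataclass
class RBAC:
    roles: dict[str, set[str]] = field(default_factory=dict)  # role -> permissions
    users: dict[str, set[str]] = field(default_factory=dict)  # user -> roles
    disabled: set[str] = field(default_factory=set)           # deactivated users

    def managers(self, roles=None):
        """Active users who hold MANAGE_PERMISSIONS through any role."""
        roles = self.roles if roles is None else roles
        return {
            user for user, assigned in self.users.items()
            if user not in self.disabled
            and any(MANAGE_PERMISSIONS in roles.get(r, set()) for r in assigned)
        }

    def set_role_permissions(self, role, permissions):
        """Apply the edit only if at least one active manager remains."""
        proposed = {**self.roles, role: set(permissions)}
        if not self.managers(proposed):
            raise LockoutError(
                f"refusing to update {role!r}: no active user would retain "
                f"{MANAGE_PERMISSIONS!r}"
            )
        self.roles = proposed


def demo():
    # Constructed sample data: one active admin, one disabled auditor.
    rbac = RBAC(
        roles={"admin": {MANAGE_PERMISSIONS, "view"},
               "auditor": {MANAGE_PERMISSIONS, "view"}},
        users={"alice": {"admin"}, "bob": {"auditor"}},
        disabled={"bob"},
    )
    rbac.set_role_permissions("auditor", {"view"})    # allowed: alice remains
    try:
        rbac.set_role_permissions("admin", {"view"})  # last manager: rejected
    except LockoutError:
        return rbac.managers()
    return set()
```

The check runs against the proposed state before anything is saved, so a rejected edit leaves the stored roles untouched. The same check belongs on any other path that can remove the last manager, such as unassigning a role from a user or deactivating an account.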
Updated by Adhi Narayanan about 1 month ago
- File clipboard-202603181727-k9dt2.png added
- File Screenshot 2026-03-18 at 5.27.47 PM.png added
- Status changed from New to Resolved
- % Done changed from 0 to 100
