漏洞
In the latest update of ArcGIS Online, when using a default custom role, users are unable to edit the custom role by navigating to Settings > Member Roles > Manage Roles without removing it first as the default role.
| 漏洞 ID 编号 | BUG-000127906 |
|---|---|
| 已提交 | January 13, 2020 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | ArcGIS Online |
| 找到的版本 | 7.4 |
| 操作系统 | Windows OS |
| 操作系统版本 | N/A |
| 状态 | Will Not Be Addressed |
附加信息
This behavior is expected and will not be changed. The reason it is not possible to edit a custom role which is set as a new member default because it is not allowed to set the default administrator role or a custom role with administrative privileges as a new member default. If email invites to create accounts with administrative privileges were sent to the wrong person (or intercepted in any way) then it could lead to security vulnerabilities for that organization. If a custom role set in new member defaults is allowed to be edited, then it could allow the admin to add administrative privileges to the role. Because new member defaults directly impact newly added members, we have to block all avenues that could lead to sending invitations which include roles with administrative privileges.解决办法
Remove the role as the default role, edit the role, and change it back as the default role.
重现步骤
漏洞 ID: BUG-000127906
软件:
- ArcGIS Online
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序